Why a cookie should expire immediately when the session is destroyed

March 2, 2018

Imagine this: you were at an airport or hotel, you logged in to a web page using a public computer, then logged out and walked away. Someone came over and copied your cookie, and can now restore the session on another PC/laptop. Here's how it is done:

1: Download the “Edit This Cookie” plugin and install it. Log in to a web page to test; in this tutorial I will demonstrate on DotNetNuke:


2: Click on Edit This Cookie.


3: Click on Export.


4: Now I am going to open another browser on another PC; notice I am not currently logged in:


5: Click on Edit This Cookie, then select Import:


6: Press Ctrl-V to paste, then click on the tick:


7: Finally, refresh the page. In this screenshot, you can see I am logged in as a superuser without providing the credentials!


The purpose of this write-up is to remind you to be extremely careful when using a public PC or even an office PC.
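On the server side, the copied cookie stops working only if logout destroys the session record it points to. The sketch below is an added example, not code from this post or from DotNetNuke; `SessionStore` and every name in it are hypothetical. It compares a logout that only clears the browser's cookie with one that also invalidates the session on the server.

```python
import secrets
import time

class SessionStore:
    """In-memory session table keyed by the random token carried in the cookie."""

    def __init__(self, idle_timeout=900):
        self.idle_timeout = idle_timeout      # seconds of inactivity allowed
        self._sessions = {}                   # token -> {"user", "last_seen"}

    def login(self, user, now=None):
        token = secrets.token_urlsafe(32)     # unguessable cookie value
        stamp = time.time() if now is None else now
        self._sessions[token] = {"user": user, "last_seen": stamp}
        return token

    def authenticate(self, token, now=None):
        """Return the user for a presented cookie value, or None if rejected."""
        now = time.time() if now is None else now
        record = self._sessions.get(token)
        if record is None:
            return None                       # unknown or already destroyed
        if now - record["last_seen"] > self.idle_timeout:
            del self._sessions[token]         # expire idle sessions server-side
            return None
        record["last_seen"] = now
        return record["user"]

    def logout_client_only(self, token):
        """Weak: only tells the browser to drop the cookie; the record survives."""
        return "Set-Cookie: session=; Max-Age=0; Path=/; Secure; HttpOnly"

    def logout_invalidate(self, token):
        """Hardened: destroy the server-side record, then clear the cookie."""
        self._sessions.pop(token, None)
        return "Set-Cookie: session=; Max-Age=0; Path=/; Secure; HttpOnly"

def replay_after_logout(hardened):
    """Log in, keep a copy of the cookie value, log out, present the copy again."""
    store = SessionStore()
    cookie = store.login("superuser")
    copied = cookie                           # constructed stand-in for an exported cookie
    if hardened:
        store.logout_invalidate(cookie)
    else:
        store.logout_client_only(cookie)
    return store.authenticate(copied)
```

With the client-only logout the copied value still authenticates as the original user; with server-side invalidation it is rejected, and the idle timeout bounds the exposure when a user never logs out at all.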

Thanks for reading!
