BugBountyNotes Forum » Bug Help » Browsing Topic

UserId in cookies - Understanding dev mindset ?
Posted in Bug Help by @noobness



A website sets 2 cookies after logging in :

  1. SessionToken
  2. UserId

Almost every request is displaying response based on the SessionToken Value and changing UserId value to someone's else does NOT display his data. Removing the UserId cookie from the request has no effect as well . i.e, it doesn't sign me out.

I've seen this behaviour in a lot of websites and just trying to understand dev mindset. I have following questions regarding this :

  1. Where is that cookie being used exactly?
  2. Why do they need to set UserId as a cookie and why not as a session variable. An attacker can not manipulate session variable ,right ?

Posted on 2018-12-05



hi I think the developer might used userId in a specific part of the applications logic that you might not invoked that part yet. for example it might be used on sign out logic!

Posted on 2018-12-25 at 08:54:06am (GMT)