all InfoSec news
Laravel Tinker: login as another user and generate an injectable session cookie
May 8, 2024, 11:19 p.m. | Lemuel Flores
DEV Community dev.to
Generating session cookie
- Enter Laravel Tinker
php artisan tinker
- Authenticate
# Login using id
auth()->loginUsingId(1);
# Login using a user instance
auth()->login(User::where('email', 'foo@bar.com')->first())
- Save the session
session()->save()
If you are not using EncryptedCookie for some reason, you can stop at this step and proceed to injecting the session id to your session cookie:
session()->getId()
- Generate the cookie value that is about to get encrypted
\Illuminate\Cookie\CookieValuePrefix::create(config('session.cookie'), app(\Illuminate\Contracts\Encryption\Encrypter::class)->getKey()).session()->getId()
- Generate the encrypted cookie value
It is highly likely the 2nd parameter here is …
auth authenticate can com cookie email instance laravel login php session
More from dev.to / DEV Community
Jobs in InfoSec / Cybersecurity
Information Security Engineers
@ D. E. Shaw Research | New York City
Technology Security Analyst
@ Halton Region | Oakville, Ontario, Canada
Senior Cyber Security Analyst
@ Valley Water | San Jose, CA
Computer and Forensics Investigator
@ ManTech | 221BQ - Cstmr Site,Springfield,VA
Senior Security Analyst
@ Oracle | United States
Associate Vulnerability Management Specialist
@ Diebold Nixdorf | Hyderabad, Telangana, India