# Description
Proper session timeout controls are critical for securing user accounts.
If a user logs in on a public or shared computer but does not explicitly log out (simply closing the browser tab instead), and session expiration is misconfigured, the session may remain active indefinitely.
An attacker who uses the same browser later can then access the user's account without needing any credentials, because the session never expires and stays authenticated.
Your friend tells you to check out a new social media platform he built a few years ago.
Although it's still under development, he said the site is almost complete.
He also mentioned that he hates constantly logging into sites, and so has built his page so that 'once you login, you never have to log-out again'!
Browse [here](http://dolphin-cove.picoctf.net:60438/), and find the flag!
# Hints
1. Do you know how to use the web inspector?
2. Where are cookies stored?
# Solution
Going by the hints, this challenge is about stealing a cookie and using it.
The first thing I saw was a login page, so I registered an account and tried logging in.

After logging in, someone on the Homepage mentioned that a /sessions page exists.

On the /sessions page I then found the admin's session:
```
1) session:DTR4wGZttSK2uw4iQwXPK9P35Ocx6eTFa61yIeyD6dE, {'_permanent': True, 'key': 'admin'}
2) session:YKaGD-vxVgXZ5MCHAZURhA51eOfLkIZWKActcu1U708, {'_permanent': True, 'key': 'admin123'}
```
Press F12 to open DevTools and change the `session` cookie value to the one belonging to the admin account.
Original: `YKaGD-vxVgXZ5MCHAZURhA51eOfLkIZWKActcu1U708`
Changed to: `DTR4wGZttSK2uw4iQwXPK9P35Ocx6eTFa61yIeyD6dE`

Finally, go back to the Homepage and you get the flag.
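The mechanism behind both the description (sessions that never expire) and the cookie swap above can be modelled in a few lines. The following is an added example, not code from the challenge or from picoCTF: a server-side session store keyed `session:<id>` the way the /sessions listing shows it, with a `login` that issues a random id for the cookie and a `resolve` that maps a presented cookie back to a user. The `IDLE_TIMEOUT`, `ABSOLUTE_TIMEOUT` values, the `created` / `last_seen` fields and the timestamps are assumptions chosen for illustration. With timeouts disabled (the challenge's `'_permanent': True` behaviour) a leaked admin id pasted into the attacker's cookie resolves to `admin` a day later; with timeouts enforced the same replay fails. Note the caveat: timeouts only shrink the window. The root cause here is that /sessions discloses live session ids at all, and a freshly used admin id would be replayable under either policy.

```python
import secrets

# Assumed policy values (not from the challenge): expire after 15 minutes of
# inactivity or 8 hours after login, whichever comes first.
IDLE_TIMEOUT = 15 * 60
ABSOLUTE_TIMEOUT = 8 * 3600


class SessionStore:
    """Server-side session store keyed 'session:<id>', like the /sessions listing."""

    def __init__(self, enforce_timeouts):
        self.enforce_timeouts = enforce_timeouts
        self.entries = {}

    def login(self, user, now):
        # A fresh random id per login; the id is what ends up in the 'session' cookie.
        sid = secrets.token_urlsafe(32)
        self.entries["session:" + sid] = {
            "_permanent": not self.enforce_timeouts,
            "key": user,
            "created": now,
            "last_seen": now,
        }
        return sid

    def resolve(self, cookie_value, now):
        """Return the user owning the presented cookie, or None if it is not valid."""
        key = "session:" + cookie_value
        entry = self.entries.get(key)
        if entry is None:
            return None
        if self.enforce_timeouts:
            too_old = now - entry["created"] > ABSOLUTE_TIMEOUT
            too_idle = now - entry["last_seen"] > IDLE_TIMEOUT
            if too_old or too_idle:
                del self.entries[key]  # expire and purge the record
                return None
            entry["last_seen"] = now
        return entry["key"]

    def logout(self, cookie_value):
        self.entries.pop("session:" + cookie_value, None)


def replay_leaked_session(enforce_timeouts):
    """Constructed scenario mirroring the writeup: admin logs in, the attacker
    (account 'admin123') later swaps their own cookie for admin's leaked id."""
    store = SessionStore(enforce_timeouts)
    t0 = 1_700_000_000                       # constructed login time for admin
    admin_sid = store.login("admin", t0)
    attacker_sid = store.login("admin123", t0 + 60)
    one_day_later = t0 + 24 * 3600

    return {
        # The attacker's own session, used straight away, works under both policies.
        "own_session_fresh": store.resolve(attacker_sid, t0 + 120),
        # Cookie edited in DevTools to admin's id, a day after admin's last request.
        "leaked_admin_replay": store.resolve(admin_sid, one_day_later),
        # After the attempt, does the stale admin record still exist in the store?
        "admin_record_kept": ("session:" + admin_sid) in store.entries,
    }


if __name__ == "__main__":
    print("no timeouts:", replay_leaked_session(False))
    print("timeouts:   ", replay_leaked_session(True))
```

Run it and compare the two dictionaries: the only difference between the vulnerable and hardened store is the expiry check in `resolve`, yet it turns the day-old replay from a full account takeover into a rejected cookie and a purged record.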
