Tuesday, 28 January 2020

How to check if a server is accepting invalid cookies?

I'm currently testing a web system that used to accept invalid cookies. This was tested by simply opening the browser inspector and changing them. After that, the cookie never changed back to the correct value or had any other side effects.

Since this was identified as a potential security problem, changes were made to not accept invalid cookies. When I change the cookie value now, it immediately changes back to the original value after loading a new page. This seems like correct behaviour, but I'm kinda lacking the validation that the wrong value is not being accepted by the server.

So how can I check this? What do I need to watch in the inspector to see if the wrong value was not just corrected but also discarded by the server? Is that even possible with just the inspector, or do I need access to the server in order to check it?

Thanks for your help!
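As an added illustration (not part of the original question, and not the system being tested): a constructed test server that signs its session cookie with an HMAC, plus a black-box check that sends a valid cookie and a tampered one and records, for each, the status code, the Set-Cookie response header and the body. Comparing those three is what the inspector's Network tab would show you: a "corrected" cookie is the Set-Cookie header, while "discarded" means the tampered request never received the session's content. The HMAC cookie format, secret, user name and local URL are assumptions; the comparison itself applies to whatever the real server does.

```python
import hashlib, hmac, http.server, threading, urllib.error, urllib.request
from http.cookies import SimpleCookie
SECRET = b"constructed-demo-secret"  # constructed for this demo; a real server keeps it private

def sign(user):
    # Cookie value is 'user.<hmac-sha256>', so changing either part breaks the MAC
    return user + "." + hmac.new(SECRET, user.encode(), hashlib.sha256).hexdigest()

def verify(value):
    """Return the user only when the MAC checks out; None for any altered value."""
    user, _, _ = value.rpartition(".")
    return user if user and hmac.compare_digest(sign(user), value) else None

class Handler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        jar = SimpleCookie(self.headers.get("Cookie", ""))
        user = verify(jar["session"].value) if "session" in jar else None
        if user:  # valid cookie: serve that user's content
            status, setcookie, body = 200, None, f"hello {user}".encode()
        else:     # invalid cookie: refuse it and tell the browser to drop it
            status, setcookie, body = 401, "session=; Max-Age=0", b"login required"
        self.send_response(status)
        if setcookie:
            self.send_header("Set-Cookie", setcookie)
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # silence request logging
        pass

def probe(port, cookie_value):
    """Send one request carrying the cookie; return (status, Set-Cookie header, body)."""
    req = urllib.request.Request(f"http://127.0.0.1:{port}/",
                                 headers={"Cookie": f"session={cookie_value}"})
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, resp.headers.get("Set-Cookie"), resp.read().decode()
    except urllib.error.HTTPError as err:  # 4xx/5xx responses also carry headers and a body
        return err.code, err.headers.get("Set-Cookie"), err.read().decode()

def run_check(user="alice"):
    """Send a valid and a tampered cookie; report whether the tampered one was accepted."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    good = sign(user)
    tampered = good[:-1] + ("0" if good[-1] != "0" else "1")  # change one MAC character
    valid, bad = probe(srv.server_address[1], good), probe(srv.server_address[1], tampered)
    srv.shutdown(); srv.server_close()
    return {"valid_status": valid[0], "tampered_status": bad[0],
            "tampered_got_user_page": user in bad[2],   # True would mean the forged value was accepted
            "tampered_cookie_reset": bad[1] is not None}  # the Set-Cookie the inspector shows as a 'correction'
```

Against a real system, replace the embedded server with the live host and look for the same three things: the tampered request must not return the session's content, regardless of whether a Set-Cookie header later overwrites the value in the browser.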
