typelogic/cookie.md

Created September 10, 2020 03:51

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/typelogic/819ce8967aab3f87df60520a46d67a1d.js"></script>
Save typelogic/819ce8967aab3f87df60520a46d67a1d to your computer and use it in GitHub Desktop.

Raw

This request has wrong password, but is still accepted by 'spring boot server' due to a presence of a cookie from another successful request:

curl --location --request POST 'http://localhost:8080/idpass' \
--header 'Authorization: Basic dXNlcjpwYXNzd29yZDEyMw==' \
--header 'Content-Type: application/json' \
--header 'Cookie: JSESSIONID=EA39A09B47575D192845148AFFCAD85B' \
--data-raw '{
    "surname":"Murdock",
    "givenname":"John",
    "placeofbirth":"Slovenia",
    "pin":"1234"
}'

Author

typelogic commented Sep 13, 2020

This seems only true for form-based authentication but not for basic auth