
How to get the Session Cookie

To run an authenticated Website Scan with the Cookies or Headers method, you need to obtain the session cookie.
Written by Cristin Sirbu
Updated 1 month ago

First, authenticate manually to the target web application in your web browser. Then copy the session cookie string from the browser.

For example, using Google Chrome, you’ll have to perform the following actions:

  • Enter Developer Tools – by Menu > More tools > Developer Tools (or Ctrl + Shift + I)
  • Enter the ‘Network’ Tab
  • Refresh page (or Ctrl + R)
  • In the ‘Name’ column, click a URL that displays an additional ‘Cookies’ tab
  • Go to the ‘Headers’ Tab (for that URL)
  • Scroll to Request Headers and see the Cookie header
  • Copy the string from the Cookie header and insert it as in the example below (a list of name=value pairs separated by “; ”):
PHPSESSID=a765feb13b4112f3d12f3dfa12e;_aa_id=ad4b654ad48f4d545a64d75ea
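
The copied string can be checked against the format described above before it goes into the scan configuration. The following is an added example, not part of the original article or the scanner's own code: the helper name `normalize_cookie_header` is hypothetical, and it removes a copied `Cookie:` header name or wrapping quotes, rejects anything that is not a name=value pair, and returns the pairs joined with "; ".

```python
import re

# RFC 6265: a cookie name is an HTTP token; a cookie value excludes controls,
# whitespace, double quote, comma, semicolon and backslash.
NAME_RE = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
VALUE_RE = re.compile(r"^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$")
CURLY = "\u2018\u2019\u201c\u201d"  # typographic quotes, never valid in a cookie


def normalize_cookie_header(raw):  # hypothetical helper name
    """Return (normalized_string, warnings) for a pasted Cookie header value."""
    warnings = []
    text = raw.strip()
    # Copying the whole header line brings the header name along with it.
    if text.lower().startswith("cookie:"):
        text = text[len("cookie:"):].strip()
        warnings.append("removed leading 'Cookie:' header name")
    stripped = text.strip(CURLY)
    if len(stripped) >= 2 and stripped[0] == stripped[-1] and stripped[0] in "'\"":
        stripped = stripped[1:-1]  # whole string wrapped in straight quotes
    if stripped != text:
        warnings.append("removed quote characters around the string")
    pairs, seen = [], set()
    for part in stripped.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        name, value = name.strip(), value.strip()
        if not sep or not NAME_RE.match(name):
            raise ValueError(f"not a name=value pair: {part!r}")
        quoted = len(value) >= 2 and value[0] == value[-1] == '"'
        if not VALUE_RE.match(value[1:-1] if quoted else value):
            raise ValueError(f"invalid characters in value of {name!r}")
        if name in seen:
            warnings.append(f"duplicate cookie name {name!r}")
        seen.add(name)
        pairs.append(f"{name}={value}")
    if not pairs:
        raise ValueError("no cookies found")
    return "; ".join(pairs), warnings


if __name__ == "__main__":
    # Constructed sample: the article's example cookies with a stray quote.
    sample = "PHPSESSID=a765feb13b4112f3d12f3dfa12e;_aa_id=ad4b654ad48f4d545a64d75ea\u2019"
    print(normalize_cookie_header(sample))
```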

[Screenshot: Developer Tools interface]
