Setting a PHP cookie value to be intentionally vulnerable

First of all, I’m new to PHP and coding in general.

I’m currently creating a web application which is intentionally vulnerable to teach students about web based vulnerabilities. The web app consists of levels with each level containing a different vulnerability.

On the current level, I am trying to set a cookie name “Authenticated” with a value of “0” when a user successfully logs into the level. When they reach the page, they receive a PHP error that they are not authenticated. I want them to be able to intercept the page request, change the value to “1”, and then as a result of this changed value, receive a PHP echo containing the password for the next level.

Here is my main page (level6.php):


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 <html xmlns="" xml:lang="en" lang="en">
   <meta charset='utf-8'>
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width, initial-scale=1">
   <link rel="stylesheet" href="../css/wargames.css">
   <title>Generic Web App Title</title>
</head> <body background="../images/background.jpg"> <br />

Welcome to Level 6!

<br />

Woocommerce caches cart (Combined with W3 Total Cache)

I’ve experienced a weird issue on a site using WordPress + Woocommerce recenty. The site uses W3 Total Cache for page cache and browser cache and although i’ve set the woocommerce_cart_items cookie in the rejected list for page cache, the front page is beeing cached .
As a result i’ve issues with the cart ,empty on front page as is served as static, in other shop pages are regenerated and everything is fine.
To my understanding, pages are supposed to be cached if the cookie woocommerce_cart_items is missing ( so we have a guest customer browsing ), and after a product is added in the cart, woocommerce created a session and the cookie is stored so next time the frontpage is called it’s beeing regenerated and not served as static, is that right?
Is there a way to ensure this functionality?

Is this affected depending on the caching option selected (disk, apcu …)? if i decide to use redis for page cache , which is the best way to exclude such things from beeing cached?

Source: stackoverflow-php

JSP doesn’t show cookie for the first time

I set a cookie in javascript, not in controller and I want to check if that cookie exists in JSP. My cookie is set, but I have to reload the page manually in order to see it in jsp. I did reload method in javascript, but I still have to reload page once more.

getting cookie: ${cookie['_sYrV'] } or ${cookie._sYrV }


set_cookie("name","value", 1);
window.onload = function () {
    if (!localStorage.reloadOnce) {
        localStorage.setItem("reloadOnce", "true");

var set_cookie = function(name, value, day) {
    var d = new Date();
    d.setTime(d.getTime() + (day * 24 * 60 * 60 * 1000));
    var expires = "expires=" + d.toUTCString();
    document.cookie = name + "=" + value + ";" + expires + ";path=/";

What should I do in order to see the cookie in jsp without reloading the page manually?

Source: stackoverflow-javascript