Image tag src-attribute: Session lost with mobile connection

I use an <img> tag with an src-attribute pointing to a script that loads the image from a non-public folder. When I test my website with a mobile connection, the scr-attributes path is changed from src="http://example.com to src="http://1.1.1.1.bmi/example.com, I guess that has something to do with my mobile internet provider. The problem is, the image-providing script cannot identify the session of the incoming request anymore.
On a non-mobile WIFI connection, the src-attribute is not changed, everything works as expected and the session is found.


Source: stackoverflow-php

Setting a PHP cookie value to be intentionally vulnerable

First of all, I’m new to PHP and coding in general.

I’m currently creating a web application which is intentionally vulnerable to teach students about web based vulnerabilities. The web app consists of levels with each level containing a different vulnerability.

On the current level, I am trying to set a cookie name “Authenticated” with a value of “0” when a user successfully logs into the level. When they reach the page, they receive a PHP error that they are not authenticated. I want them to be able to intercept the page request, change the value to “1”, and then as a result of this changed value, receive a PHP echo containing the password for the next level.

Here is my main page (level6.php):

 <?php
 session_start();
 if(!isset($_SESSION['user'])){
    header("Location:../level5/login6.php");
 }
 include("authentication.php");
 ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <meta charset='utf-8'>
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width, initial-scale=1">
   <link rel="stylesheet" href="../css/wargames.css">
   http://code.jquery.com/jquery-latest.min.js
   http://js/script.js
   <title>Generic Web App Title</title>
   
</head> <body background="../images/background.jpg"> <br />

Welcome to Level 6!


<br />