
How to get the Session Cookie

In order to perform an Authentication Website Scan with the Cookies or Headers methods, you will need to obtain the Session Cookie.

First, you have to manually authenticate in the target web application using your web browser. Secondly, you need to get the session cookie string from the browser.

For example, using Google Chrome, you’ll have to perform the following actions:

  • Open Developer Tools via Menu > More tools > Developer Tools (or Ctrl + Shift + I)
  • Open the ‘Network’ tab
  • Refresh the page (or Ctrl + R)
  • In the ‘Name’ section, choose a URL that displays an additional ‘Cookies’ tab
  • Go to the ‘Headers’ tab (for that URL)
  • Scroll to Request Headers and find the Cookie header
  • Copy the string from the Cookie header and insert it as in the example below:
    ‘PHPSESSID=a765feb13b4112f3d12f3dfa12e;_aa_id=ad4b654ad48f4d545a64d75ea’ (a list of name=value pairs separated by “;” with no spaces)
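
Chrome displays the Cookie request header with a space after each “;”, while the format above has none. The Python helper below is an added example, not part of the original article or the scanner's own code; it converts a copied header into that format and rejects malformed input, and the function names normalize_cookie_header and cookie_names are hypothetical.

```python
import re

# Cookie names are HTTP tokens (RFC 6265): no whitespace, separators or control chars.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def normalize_cookie_header(raw: str) -> str:
    """Turn a copied Cookie header into 'name1=value1;name2=value2' (no spaces)."""
    text = raw.strip()
    # If the header name was copied along with the value, drop it.
    if text.lower().startswith("cookie:"):
        text = text[len("cookie:"):]
    pairs = []
    for part in text.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';'
        # Split on the first '=' only, so values with '=' padding survive intact.
        name, sep, value = part.partition("=")
        name, value = name.strip(), value.strip()
        if not sep or not _TOKEN.match(name):
            raise ValueError(f"not a name=value pair: {part!r}")
        if any(ch.isspace() for ch in value):
            raise ValueError(f"whitespace inside value of cookie {name!r}")
        pairs.append(f"{name}={value}")
    if not pairs:
        raise ValueError("no cookies found in the copied text")
    return ";".join(pairs)


def cookie_names(cookie_string: str) -> list[str]:
    """List cookie names only, to confirm the session cookie is present
    without echoing its value to a terminal or log."""
    return [p.partition("=")[0] for p in cookie_string.split(";")]


if __name__ == "__main__":
    # Constructed sample: the article's example values, as Chrome would show them.
    copied = "Cookie: PHPSESSID=a765feb13b4112f3d12f3dfa12e; _aa_id=ad4b654ad48f4d545a64d75ea"
    result = normalize_cookie_header(copied)
    print(result)
    print(cookie_names(result))
```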

Here is the Developer Tools interface:

[Image: Developer Tools interface]
