@kv109
Created February 14, 2011 17:22
progblog screencast 1
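<?php
// my_app/index.php
// Demo app: session_start() reuses whatever session ID the browser presents,
// and that ID is not changed when the user logs in.
session_start();

// Uncomment the line below to make your app safer
// (it issues a new session ID on every request).
//session_regenerate_id();

echo session_id();

// "Log in" with whatever name is passed in the query string.
if (isset($_GET['login'])) {
    $login = $_GET['login'];
    $_SESSION['login'] = $login;
    if ($login == 'attacker') {
        $_SESSION['user_id'] = 1;
    } else {
        $_SESSION['user_id'] = 2;
    }
}

echo '<br />';
// Escape the dump, since it contains the user-supplied login.
echo htmlspecialchars(print_r($_SESSION, true), ENT_QUOTES, 'UTF-8');
echo '<br />';
echo '<br />';
echo '<br />';

// Before any login there is no user_id; isset() avoids an undefined-index notice.
if (isset($_SESSION['user_id']) && $_SESSION['user_id'] == 1) {
    echo 'You are Attacker';
} else {
    echo 'You are some innocent user';
}
echo '<br />';
echo '<br />';
echo '<br />';

// Escape the stored login before writing it into the page.
$shown = isset($_SESSION['login']) ? $_SESSION['login'] : '';
echo 'Login:' . htmlspecialchars($shown, ENT_QUOTES, 'UTF-8');
echo '<br />';
echo '<br />';
?>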
<a href="http://your_domain/bad_cookie/index.php">Don't click here</a>