- Enter Laravel Tinker
php artisan tinker- Authenticate
# Login using id
auth()->loginUsingId(1);
# Login using a user instance
auth()->login(User::where('email', 'foo@bar.com')->first())- Save the session
session()->save()If you are not using EncryptedCookie for some reason, you can stop at this step and proceed to injecting the session id to your session cookie:
session()->getId()- Generate the cookie value
\Illuminate\Cookie\CookieValuePrefix::create(config('session.cookie'), app(\Illuminate\Contracts\Encryption\Encrypter::class)->getKey()).session()->getId()- Encrypt cookie value
app(\Illuminate\Contracts\Encryption\Encrypter::class)->encrypt(<value from previous step>, false)
# Or by using the helper:
encrypt(<value from previous step>, false)Here is the reference: https://github.com/laravel/framework/blob/v11.7.0/src/Illuminate/Cookie/Middleware/EncryptCookies.php#L187-L189
It is highly likely the 2nd parameter here is always false for everyone.
If not, then you probably know what you are doing.
- urlencode it or simply just replace the
=at the end with%3D
urlencode(<value from previous step>)- You can now proceed to injecting the generated string to the browser
- Open your website e.g http://localhost
- Open devtools
- Open Application tab
- Open Storage > Cookies > your website (e.g http://localhost)
- Double click on the value column of the session cookie (e.g laravel_session)
- Paste the value from Generate step
- Refresh the page
$email = "";
auth()->login(User::where('email', $email)->first())
session()->save()
$cookieValue = \Illuminate\Cookie\CookieValuePrefix::create(config('session.cookie'), app('encrypter')->getKey()).session()->getId()
$encryptedCookieValue = encrypt($cookieValue, false);
$encodedCookieValue = urlencode($encryptedCookieValue);You could turn this into a command if desired.