How can I keep the session logged in by inserting the user id inside a cookie?

Question

I try to stay logged into my university session by avoiding entering my password. The point is that every week we reset the password for a 10-character password and it is very annoying to have to search for these reset passwords in the emails.

So what me and my sister came up with is to avoid entering the password via the plaintext id:

This cookie has been expired:

[
    {
        "domain": "siiauescolar.siiau.udg.mx",
        "hostOnly": true,
        "httpOnly": false,
        "name": "17092022SIIAUSESION",
        "path": "/",
        "sameSite": null,
        "secure": false,
        "session": true,
        "storeId": null,
        "value": "1199992582"
    },
    {
        "domain": "siiauescolar.siiau.udg.mx",
        "hostOnly": true,
        "httpOnly": false,
        "name": "17092022SIIAUUDG",
        "path": "/",
        "sameSite": null,
        "secure": false,
        "session": true,
        "storeId": null,
        "value": "1170962"
    },
    {
        "domain": "siiauescolar.siiau.udg.mx",
        "expirationDate": 1698016592.462624,
        "hostOnly": true,
        "httpOnly": true,
        "name": "cookiesession1",
        "path": "/",
        "sameSite": null,
        "secure": false,
        "session": false,
        "storeId": null,
        "value": "678B2874FAC21D18E4111426474EF65D"
    }
]

But this is my id: 1170962

When I try to put it in the cookie with another date, it throws me a javascript taking me out of the session. Is there a way to prevent me from getting kicked out of the session?

Answer 1

The cookie is generated by the backend after you were being verified.

Also getting the userID depends on what the server returns some of them return them (userid) some of them dont.

In case of the server that returns the userID even if you managed to put the userid in the session the server will see it and not gonna do anything with it.

I suggest you use automation tools to do the need full for you, tool like

• Laravel Dusk
• Puppeteer
• Cypress

Study your UI controls, set the workflow and schedule the script using cron jobs or any task eg https://laravel.com/docs/9.x/scheduling every expiration day 5 min after or choose your time.

Answer 2

The only way to keep a session alive is to sending constantly requests to the platform. This can be automated using a bot script, eg something like this

while True; do
    curl -v -b 'your_cookie_data1=some_value' \
            -b 'your_cookie_data2=some_value' \
            -b 'your_cookie_data3=some_value' \
            ... enter full cookie data https://your.university.edu
    sleep 3600 # sending this request every hour
done

Of course you have to use a not-expired cookie. This script must be run on a device which is permanently powered on and connected to the internet like a smartphone.

It is totally possible that your university will invalidate your cookie when your password expires. It can also invalidate your cookie when it notices you using such a script or for other reasons. In fact it is probably against the terms of use you signed somewhere using such a script.
If the software decides to invalidate your cookie because of another reason than inactivity you can't do anything from stopping it.

It is highly not recommended to hack your university network. This can get you in trouble.