Lab 8

1. The value of the 'isActive' cookie is 0.
2. When I made the request to www.cs.csubak.edu/~derrick/cs3680/examples/lab8/blog.php , it stayed on the home.php page. Nothing changed. 
3. After I used 'thepassword' as the password for the login, the cs.csubak.edu domain has two cookies and values. For the 'isActive' cookie. the value is 1. For the 'userinfo' cookie, the value is 'This+cookie+could+store+sensitive+data'.
4. After I changed the 'isActive' cookie value from 0 to 1, I made a get request to home.php and the blog.php page appeared.
5. At first, it redirected me to https://www.cs.csubak.edu/~derrick/cs3680/examples/lab8/fakeEvil.php?cookie=isActive=1. Then , after 10 seconds, it directed me to ../3680/examples/lab8/somethingcool.html. The values for the cookies are the same values in my cookie manager. 
6. After i posted '<h1>my comment</h1>', my previous post was deleted and showed '<h1>my comment</h1>'. After i posted <script>alert('xss');</script>, my previous post was deleted and showed '<script>alert('xss');</script>'.
7. You would not want to have sensitive information within a cookie because anyone with access to the computer later can easily pick those up.
8. cookies, validate