Cookie & Login Practice

Learn to manage cookies for authenticated web scraping. This site uses Session + Cookie dual verification.

How This Site Authenticates

  1. Login: POST to /auth/check_login.php with name + student_no + CSRF token
  2. Session: PHP session cookie (PHPSESSID) is set automatically
  3. Remember Me: If checked, a remember_token cookie is set (30 days)
  4. Verification: Each protected page checks both Session and Cookie

Method 1: Browser Storage State (Playwright)

from playwright.sync_api import sync_playwright

with sync_playwright() as p:
    browser = p.chromium.launch()
    context = browser.new_context()
    page = context.new_page()

    # Login
    page.goto('http://localhost/auth/login.php')
    page.get_by_label('Name').fill('Your Name')
    page.get_by_label('Student Number').fill('Your Student No')
    page.get_by_label('Remember me').check()
    page.get_by_role('button', name='Login').click()
    page.wait_for_url('/')

    # Save storage state (cookies + localStorage)
    context.storage_state(path='auth_state.json')
    print("Login state saved to auth_state.json")

    browser.close()

    # Later: Restore login state
    with sync_playwright() as p:
        browser = p.chromium.launch()
        context = browser.new_context(storage_state='auth_state.json')
        page = context.new_page()

        # Now you're logged in!
        page.goto('http://localhost/me.php')
        print(page.title())

Method 2: requests with Cookies

import requests
from bs4 import BeautifulSoup

session = requests.Session()

# Get CSRF token from login page
login_page = session.get('http://localhost/auth/login.php')
soup = BeautifulSoup(login_page.text, 'html.parser')
csrf_token = soup.find('input', {'name': 'csrf_token'})['value']

# Login
response = session.post('http://localhost/auth/check_login.php', data={
    'name': 'Your Name',
    'student_no': 'Your Student No',
    'csrf_token': csrf_token,
    'remember_me': '1'
}, allow_redirects=False)

# Now session.cookies has the login cookies
print("Cookies:", dict(session.cookies))

# Access protected page
me_page = session.get('http://localhost/me.php')
print("Logged in!" if 'Profile' in me_page.text else "Not logged in")

Method 3: Manual Cookie String

import requests

# Copy cookies from browser DevTools:
# 1. Open DevTools → Application → Cookies
# 2. Copy PHPSESSID and remember_token values

cookies = {
    'PHPSESSID': 'your_session_id_here',
    'remember_token': 'your_token_here'
}

response = requests.get('http://localhost/me.php', cookies=cookies)
print("Status:", response.status_code)

Current Session Info

You are not logged in. Login first to see your cookies.

Cookie Inspection Tool

Your current cookies: