I'm analysing HTTPS traffic between my Chrome browser and a 3rd party site of interest.
I notice that the website is passing back a cookie called "session" (in HTTP header "Set-Cookie"), but the next request from the browser has changed the cookie (its a long string of hex, maybe 100chars?, only the first say 20 chars have changed, but changed they have)... which is not what I expect to happen...
or is this being done by javascipt on the page when it loads?
I looked at the page searching for "cookie" but couldn't see anything.. however the page loads up a lot of other .JS scripts too... do I need to check all these too?
cheers