Broken Authentication Via Cookie Manipulation
What is a session cookie used for?
What does 'base64 encoding' do to a cookie's data?
What should be done to prevent session cookie manipulation?