Rating:
### Solution:
> Upon entering the page, we are taken to a login page that will log in no matter what credentials you input. However, the recipe is only visible to cookie lovers.
>
> ![](https://media.discordapp.net/attachments/771504940623331378/773730754877718579/unknown.png)
>
> Our Inspector Tool can also allow us to see saved cookies that the site uses for the session (Inspector Tools > Application > Cookies). The hint indicates that Arjun placed the cookie on the front page, AKA the login page, so we'll have to go back to the login page to get the cookie.
>
> ![](https://media.discordapp.net/attachments/771504940623331378/773730947224043540/unknown.png)
>
> A common cookie configuration many sites use is setting the cookie to the root of the site with the Secure tag enabled, SameSite set to "None" or blank, and the word "Session" as the expiration age. When set like this, the cookie applies to anywhere on the site without expiration (until we close the browser or something). Let's configure this and login.If done correctly, the flag should appear.
>
> ![](https://media.discordapp.net/attachments/771504940623331378/773735178597302282/unknown.png)
>
#### **Flag:** nactf{c00kie_m0nst3r_5bxr16o0z}