The only text in the page was "Hello user 2"

There was only one cookie: PHPSESSID which contained the md5 value of the number 2.

Change the value of PHPSESSID cookie with the md5 value of the number 1 and get the flag