Re: Unable to impersonate another user although having its cookie

A very very late entry to this thread with a side point - The easiest
way to check what's getting sent by 2 different users is by simply
using Burp Comparer. Just Intercept the requests with Burp Proxy and
send them to Comparer to see what's different. Once you find out
what's different just try and spoof that in your next request. Here is
a nice post on how to use Burp Comparer:

http://portswigger.net/suite/comparerhelp.html

Cheers
Arvind