By replaying both the token found in the cookie and the referer value of the authenticated request into the unauthenticated request, we are able to bypass the authentication scheme and gain unauthorized access to the application.