This exercise covers the exploitation of a website using JWT for session without verifying the signature