in reply to
Re^3: What happened? (https)
in thread What happened?
I'm pretty sure you are aware of this, but to avoid confusion from people reading this later...
You'd have to learn the "secret" string and then reverse a hash function and that would then only get you the hashed password.
If we are really talking about the cookie being a cryptographic hash of something and a hashed password, the phrase reverse the hash describes an extremely hard problem. Reversing any cryptographic hash should be computationally infeasible.