Ask the admin to fix something in their account -> Admin impersonates the attacker -> Attacker places the cookie for the temporary session -> After the work, admin clicks stop and the attacker now gets access to admin account.