Web - Server

i tried to solve this challenge by brute force the secret key i did not secsuess . first of all i need to identify the token type,it looks like jwt token but when i decode it in jwt.io i see the user information are in the header instead of payload which is not the case in jwt token,so how i can get it’s type?

Cookie: _ga=GA1.1.1747889630.1721747662; _ga_SRYSKX09J7=GS1.1.1722548511.16.1.1722548569.0.0.0; session=eyJhbGciOiJIUzI1NiJ9.eyJhZG1pbiI6InRydWUiLCJ1c2VybmFtZSI6ImFkbWluIn0.2E22t8KiaVVI_If6cydt4LjNsGmeWDfvEvImWUahNyE