This page is useful for demonstrating the effects of cross site scripting (both persistent and reflected).
Reflected Query String Parameter
Set with ?reflected=
Allowing exploits is both hilarious and dangerous, so be gentle when attacking yourself. This has nothing to do with authentication at all unless you let somebody grab your session -- so we're not logging in here.