[SEC-003] Broken Authentication - `rengginang` cookie does not change after login and logout
Description
The `rengginang` cookie is the session cookie that PHP uses to identify the client. The authentication module relies on this cookie for access control. Its value does not change when the user logs in to the application, nor after the user logs out. This is dangerous because it introduces a Broken Authentication vulnerability in the application.
Severity
This bug has severity HIGH
Affected Url
/auth/login
/auth/logout
Attachment
Before Login
After Login
Edited by Bayu Samudra
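One way to close this finding, as an added example that is not the application's own code: rotate the session ID when `/auth/login` succeeds and invalidate both the cookie and the server-side session on `/auth/logout`. It assumes native PHP sessions (PHP 7.3 or later); the function names and the cookie attributes are hypothetical, and only the cookie name `rengginang` comes from this report.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, assuming native PHP session handling.
const SESSION_COOKIE = 'rengginang'; // cookie name taken from this report

function start_session(): void
{
    session_name(SESSION_COOKIE);
    session_set_cookie_params([
        'path'     => '/',
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    // Reject session IDs that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    session_start();
}

// Call from the /auth/login handler once the credentials are verified.
function on_login_success(int $userId): void
{
    // Issue a new ID and delete the pre-login session, so a cookie value
    // known before authentication never becomes an authenticated one.
    session_regenerate_id(true);
    $_SESSION = ['user_id' => $userId, 'login_at' => time()];
}

// Call from the /auth/logout handler.
function on_logout(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    // Expire the cookie in the browser with the same attributes it was set with.
    setcookie(SESSION_COOKIE, '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    // Remove the server-side session so the old ID cannot be replayed.
    session_destroy();
}
```

To retest, compare the `rengginang` value before login, after login and after logout: all three should differ, and the post-login value should be rejected once the user has logged out.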