Issue Details

Even after logging out, session cookies remain active, allowing users to log back in without credentials. This represents a critical security vulnerability. Proper cookie invalidation must be enforced server-side.