Truly Random Signature — Predictable Session Token Analysis
The server issues session tokens that are predictable or reusable. Requesting the site twice, comparing the Set-Cookie headers, and identifying the pattern allows forging or reusing an admin-level token.
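A defensive check for the weakness described above, as an added example that is not part of the original page: it runs the same Set-Cookie comparison over a batch of responses from your own server (extended here beyond two samples) and shows a hardened issuance routine beside it. The cookie name `session`, the function names, the thresholds and the sample headers are assumptions constructed for illustration.

```python
import secrets
from http.cookies import SimpleCookie

def session_values(headers, name="session"):
    """Pull the named cookie's value out of each raw Set-Cookie header."""
    values = []
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)
        if name in jar:
            values.append(jar[name].value)
    return values

def audit_tokens(tokens):
    """Return findings that make issued tokens guessable or replayable."""
    findings = []
    # The same value handed out more than once means tokens are reusable.
    if len(set(tokens)) < len(tokens):
        findings.append("reused")
    # Numeric tokens with one fixed increment look like a counter or clock.
    if len(tokens) >= 3 and all(t.isdigit() for t in tokens):
        nums = [int(t) for t in tokens]
        if len({b - a for a, b in zip(nums, nums[1:])}) == 1:
            findings.append("constant-step")
    # Character positions that never change across samples carry no entropy.
    same_len = len({len(t) for t in tokens}) == 1
    if same_len and len(tokens) > 1 and tokens[0]:
        fixed = sum(len(set(col)) == 1 for col in zip(*tokens))
        if fixed / len(tokens[0]) > 0.5:
            findings.append("mostly-static")
    return findings

def new_session_token():
    """Hardened issuance: 256 bits from the OS CSPRNG, fresh per session."""
    return secrets.token_urlsafe(32)

# Constructed sample headers (not captured from any real server).
COUNTER = [f"session={1000041 + i}; Path=/; HttpOnly" for i in range(3)]
REPLAYED = ["session=abc123; Path=/", "session=abc123; Path=/"]

if __name__ == "__main__":
    print("counter :", audit_tokens(session_values(COUNTER)))
    print("replayed:", audit_tokens(session_values(REPLAYED)))
    strong = [new_session_token() for _ in range(5)]
    print("csprng  :", audit_tokens(strong))
```

A passing audit only rules out these simple patterns; it does not prove the generator is cryptographically sound, so the issuance code should still be reviewed.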