Vulnerability: Server accepts fixed Session ID in a cookie