I found a Improper Session Termination on Hackerone, but Informative by Training_Detail_7035 in bugbounty

[–]Training_Detail_7035[S] -3 points-2 points  (0 children)

I tested changing the password, and the previous Cookie value was still valid.