Authorization Bypass

sorcery is vulnerable to authorization bypass. The library allows a login request with no state field, which causes the library to reuse the value from the previous request or if there is no previous request it is overridden...