In my use case, I have a website accessible only to authenticated users. I do have a large number of admins and a large number of users. I have Auth0 set up (free at this point) and it is working perfectly. However, I have a case where an authenticated user managed to steal the cookie of an admin and, by doing so, the user gained admin privileges!
Any ideas or advice on how to fix this security bug?
Your help is much appreciated! Thanks in advance.