Oracle 10g Express Edition does not invalidate the cookie www_flow_user2 on server when the user logs off.
Tested in version:- Oracle 10g Express edition 10.2.0.1.0, other versions may also be vulnerable.
Patch:- Oracle CPU April 2008
www.notsosecure.com
From Pentesters To Pentesters