Hybridsessions does not expire session id on logout
Silverstripe silverstripe/framework through 4.10 allows Session Fixation.
Advisories for Composer/Silverstripe/Hybridsessions package
2022
Silverstripe silverstripe/framework through 4.10 allows Session Fixation.