Hi, I don't think this is a grave security issue. It is only a DoS for one client application, which requires another vulnerability to be present, can be easily resolved by deleting the relevant cookies, and does no other harm. As there are many ways to DoS (web)applications and the impact is small I suggest to downgrade the severity to normal.
It would be good to fix the bug of course. Thijs
pgpAHjAWHNe9Q.pgp
Description: PGP signature
