Deleting or putting "false" in the validation cookie bypasses cookie validation

The validation cookie can be used to bind a cookie to an IP. Stealing the username and password cookies can bypass the IP bind if the validation cookie is assigned a value of "false" or is completely deleted.