This is a feature or a bug depending on your use case.
Some people have several Tikis on the same server and they want the login to be shared (and to have Single Sign On). But of course, some don't want this.
The permissions come from the group membership of that username. So user "Mohamed" can be Registered on one site, and admin on another.
in tiki-admin.php?page=login, there are three cookie-related prefs:
There can also be weirdness with cache.
Please see https://dev.tiki.org/Security for tips on how to report security issues.