The loginRedirect cookie value was used directly in res.redirect() and
window.location.replace() without validation, allowing redirection to
arbitrary external URLs. Added validation to ensure the redirect target
is a relative path before use.
Co-authored-by: kolega.dev <faizan@kolega.ai>
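
The following is an added example, not the code from this commit or from the project: one way to implement the relative-path check described above so that the same helper can guard both `res.redirect()` and `window.location.replace()`. The helper name `safeRedirectTarget`, the `/` fallback, the placeholder parsing origin and the sample inputs are assumptions made for illustration.

```javascript
// Hypothetical helper (assumption, not the project's implementation).
// Returns a same-site relative path, or the fallback when the value could
// send the user to another origin.
const FALLBACK = '/';
// Placeholder origin used only to resolve the path; it is never contacted.
const PARSE_BASE = 'http://placeholder.invalid';

function safeRedirectTarget(raw, fallback = FALLBACK) {
  if (typeof raw !== 'string' || raw.length === 0) return fallback;

  // Must begin with exactly one "/". This rejects absolute URLs with a
  // scheme, and protocol-relative forms such as "//host" and "/\host".
  if (raw[0] !== '/' || raw[1] === '/' || raw[1] === '\\') return fallback;

  // Browsers treat "\" like "/" and silently drop tab/CR/LF while parsing,
  // so a value that looks relative to a naive check may not be. Reject them.
  if (/[\\\u0000-\u001f\u007f]/.test(raw)) return fallback;

  // Resolve against the placeholder origin and confirm the result stayed on it.
  let url;
  try {
    url = new URL(raw, PARSE_BASE);
  } catch {
    return fallback;
  }
  if (url.origin !== PARSE_BASE) return fallback;

  // Hand back only path, query and fragment, never a host.
  return url.pathname + url.search + url.hash;
}

// Intended use (sketch; assumes the cookie has already been parsed):
//   server: res.redirect(safeRedirectTarget(req.cookies.loginRedirect));
//   client: window.location.replace(safeRedirectTarget(cookieValue));

// Constructed sample cookie values, each paired with the expected result.
const SAMPLES = [
  ['/account/settings?tab=2', '/account/settings?tab=2'],
  ['https://other.example/', '/'],
  ['//other.example/path', '/'],
  ['/\\other.example', '/'],
  ['/\t/other.example', '/'],
];

function checkSamples() {
  return SAMPLES.every(([input, expected]) => safeRedirectTarget(input) === expected);
}
```

Checking only that the value starts with `/` is not sufficient, because `//host` and `/\host` also start with `/` and are resolved by browsers as another origin.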