[BUG] ...Cookie Parsing Issue with attack: pitchfork

[pussycat0x]

Is there an existing issue for this?

• I have searched the existing issues.

Current Behavior

In authenticated templates, after the login request is completed, the cookies are not being carried over to the second request when using the attack: pitchfork attack mode.

Example Template

http:
  - raw:
      - |
        POST /index.php HTTP/1.1
        Host: {{Hostname}}

        module=Users&action=Authenticate&return_module=Users&return_action=Login&user_name={{username}}&user_password={{password}}
    
      - | 
        GET /index.php?action=index&module=Home HTTP/1.1
        Host: {{Hostname}}
    
    attack: pitchfork
    payloads:
      username:
        - admin
      password:
        - admin
        - vicidialnow
        - goautodial

    host-redirects: true
    max-redirects: 2
    
    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(header_1, "PHPSESSID=")'

Expected Behavior

.

Steps To Reproduce

.

Relevant log output

Environment

- OS: mac
- Nuclei: v3.5.1
- Go: go1.21.5 darwin/arm64

Anything else?

No response

[dwisiswant0]

Could you rerun with cookie-reuse: true enabled and see if the behavior changes?