If I go to a cybercafe and use one of the shared computers, and use a social media application, which deletes session IDs when the browser is closed.
A clever person comes, who knows about the application’s behaviour (that this application deletes session IDs when someone closes their browser), he asks me to move quickly and says, "Please don’t close the browser, I have some urgent stuff to do." So, in a hurry I close the tab I’m using and think that I’m logged out (it is stupid, but I have seen people do that). The moment I leave, the other person starts accessing my UserID.
Regardless of my stupidity, if we see this scenario from the technical point of view, is this an example of broken authentication or social engineering or both?