Vulnerabilities
1
 min read

Session ID in URL Rewrite

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor.

Summary

URL rewrite is used to track user session ID. The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.

Risk

Medium

Solution

For secure content, put session ID in a cookie. To be even more secure consider using a combination of cookie and URL rewrite.

References

Let’s check and protect your website from hackers

Run our expert website security checkup and get your tailored security recommendations to protect your website.

Thank you for registering
Oops! Something went wrong.

Latest Articles

View All Articles

Cross-Domain JavaScript Source File Inclusion

The page includes one or more script files from a third-party domain.

Vulnerabilities
2
 min read

Incomplete or No Cache-control Header Set

The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content.

Vulnerabilities
1
 min read

Cookie Without Secure Flag

CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute.

Vulnerabilities
1
 min read