Vulnerabilities
1
 min read

Session ID in URL Rewrite

URL rewrite is used to track user session ID. The session ID may be disclosed via cross-site referer header.

Summary

URL rewrite is used to track user session ID. The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.

Risk

Medium

Solution

For secure content, put session ID in a cookie. To be even more secure consider using a combination of cookie and URL rewrite.

References

Scan and protect your web application from hackers

Run our automated penetration testing and vulnerability assessment to protect your web application from hackers.

Thank you for registering
Oops! Something went wrong.

Latest Articles

View All Articles

Server Leaks Information via 'X-Powered-By' HTTP Response Header Field(s)

The web/application server is leaking information via one or more “X-Powered-By” HTTP response headers.

Vulnerabilities
1
 min read

Strict-Transport-Security Header

HTTP Strict Transport Security (HSTS).

Vulnerabilities
1
 min read

Heartbleed OpenSSL Vulnerability (Indicative)

The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets.

Vulnerabilities
1
 min read