URL rewrite is used to track user session ID. The session ID may be disclosed via cross-site referer header.
URL rewrite is used to track user session ID. The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.
Medium
For secure content, put session ID in a cookie. To be even more secure consider using a combination of cookie and URL rewrite.
Run our automated penetration testing and vulnerability assessment to protect your web application from hackers.