Vulnerabilities
1
 min read

Session ID in URL Rewrite

URL rewrite is used to track user session ID. The session ID may be disclosed via cross-site referer header.

Summary

URL rewrite is used to track user session ID. The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.

Risk

Medium

Solution

For secure content, put session ID in a cookie. To be even more secure consider using a combination of cookie and URL rewrite.

References

Secure Your Startup. Today.

We make your startup secure and compliant by implementing and managing the security controls your customers require.

Get Started

Latest Articles

View All Articles

Navigating GDPR Compliance on AWS

How to secure your AWS environment in compliance with the GDPR?

Mitigations
5
 min read

Plan Your Security Roadmap

Check out how other startups become secure and compliant.

Mitigations
2
 min read

Server Leaks Information via 'X-Powered-By' HTTP Response Header Field(s)

The web/application server is leaking information via one or more “X-Powered-By” HTTP response headers.

Vulnerabilities
1
 min read