Referer Exposes Session ID

  • Risk: Medium
  • Type: Passive

Summary

A hyperlink pointing to another host name was found. Because the session ID is carried in the URL (URL rewriting), it may be disclosed to external hosts in the Referer header.

Solution

This is a risk if the session ID is sensitive and the hyperlink refers to an external or third-party host. For secure content, put the session ID in a secured session cookie.
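The condition described above can be checked offline against a captured page. The following is an added example, not the scanner's own rule: the session parameter names in the pattern and the sample URL and HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed session parameter names; extend for the frameworks in use.
SESSION_TOKEN = re.compile(
    r"[;?&](jsessionid|phpsessid|aspsessionid\w*|sid|sessionid)=([^;?&#/]+)",
    re.IGNORECASE,
)

class _LinkCollector(HTMLParser):
    """Collects the href value of every <a> tag in a page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

def find_referer_leaks(page_url, html):
    """Return (session_param, [external link URLs]) when page_url carries a
    session ID and the page links to another host; otherwise None."""
    match = SESSION_TOKEN.search(page_url)
    if not match:
        return None  # no URL-rewritten session ID to expose
    own_host = urlsplit(page_url).hostname
    collector = _LinkCollector()
    collector.feed(html)
    external = []
    for href in collector.hrefs:
        target = urlsplit(urljoin(page_url, href))  # resolve relative links
        if target.scheme in ("http", "https") and target.hostname not in (None, own_host):
            external.append(target.geturl())
    return (match.group(1), external) if external else None

# Constructed sample input (not taken from a real site).
SAMPLE_URL = "https://shop.example.com/cart;jsessionid=ABC123?item=4"
SAMPLE_HTML = (
    '<a href="/help">Help</a> '
    '<a href="https://partner.example/offers">Offers</a> '
    '<a href="mailto:support@shop.example.com">Mail</a>'
)

if __name__ == "__main__":
    print(find_referer_leaks(SAMPLE_URL, SAMPLE_HTML))
```

A non-None result lists the links to review: each one is a destination that could receive the rewritten URL in the Referer header.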

References

https://seclists.org/webappsec/2002/q4/111
