Feature Request FR-4137
Product Area Security
Status CLOSED

2 Voters

Hiding Session Token In URL

srinivas.kikkuru Public
· Dec 9 2024

Idea Summary
When a session ID is included in the URL, it can be exposed in various ways, such as through browser history, server logs, and referrer headers. This exposure can lead to session hijacking, where an attacker can take over a user’s session by obtaining the session

Use Case
From the session ID and parameters passed in the URL, hackers can capture the information.

• Session Hijacking: Attackers can gain unauthorized access to a user’s session, potentially accessing sensitive information or performing actions on behalf of the user.
• Compliance Issues: Exposing session IDs can lead to non-compliance with security standards and regulations.

Preferred Solution (Optional)
Provision to pass sensitive information, including session IDs, without displaying it in the URL

This request is likely a duplicate of FR-4099.
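
The exposure paths named in the idea summary (server logs and referrer headers) can be checked for on the defender's side. The following is an added example, not part of the original request or of the product: it scans combined-format access-log lines for session identifiers in the request URL and in the Referer field, and returns a redacted copy of each URL. The parameter names in `SESSION_PARAMS`, the host `app.example` and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumed query parameter names that carry a session identifier; adjust per application.
SESSION_PARAMS = {"session", "sessionid", "session_id", "sid", "token"}

# Combined log format: "METHOD target PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def redact_url(url):
    """Return (redacted_url, names of session parameters found in the query string)."""
    parts = urlsplit(url)
    found, kept = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SESSION_PARAMS:
            found.append(name)
            value = "REDACTED"
        kept.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(kept))), found

def scan(lines):
    """Return a list of (line_number, field, parameter, redacted_url) findings."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.search(line)
        if not match:
            continue  # not a combined-format line
        # The same identifier can leak twice: in the request itself and in the
        # Referer sent with later requests made from that page.
        for field in ("target", "referer"):
            redacted, found = redact_url(match.group(field))
            for name in found:
                findings.append((number, field, name, redacted))
    return findings

# Constructed sample log lines (not taken from any real system).
SAMPLE = [
    '192.0.2.10 - - [09/Dec/2024:10:00:00 +0000] "GET /app/page?id=7&session=1234567890123 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [09/Dec/2024:10:00:05 +0000] "GET /static/logo.png HTTP/1.1" 200 2048 "https://app.example/app/page?id=7&session=1234567890123" "Mozilla/5.0"',
    '192.0.2.11 - - [09/Dec/2024:10:00:09 +0000] "POST /app/login HTTP/1.1" 302 0 "https://app.example/app/login" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The second sample line shows why removing the identifier from the URL matters: the request for a static image carries no session parameter itself, yet the Referer field still records it.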