Remediation for Session Token in URL

Rezkmike
2 min read · May 8, 2020

Hello, good day to everyone. Today I am going to share the remediation for Session Token in URL. As we know from web application security, a session token should not be put in the URL or sent via the GET method, because the session token needs to be kept carefully and cannot be shared with others, as it is used for authentication purposes.

Another reason why a session token cannot be put in the URL is that everything that appears in the URL is recorded in the browser history. So, let's say a person browses to a web application that stores the session token in the URL while using a public computer (e.g. a library or cyber cafe); the next person who uses the same computer will see the session token in the browser history.
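Browser history is not the only place URLs are recorded; web server access logs keep them too. The following Python script is an added example, not part of the original post: it scans access-log lines for session tokens carried in the URL and returns a redacted form of each. The parameter names and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumed list of common session parameter names (not from the original post).
SESSION_PARAMS = {"jsessionid", "phpsessid", "sessionid", "session_id", "sid"}

# Java-style path parameter, e.g. /account;jsessionid=ABC123
PATH_PARAM_RE = re.compile(r";(jsessionid)=([^;/?#]+)", re.IGNORECASE)

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH) (\S+) HTTP/[\d.]+"')

def find_session_tokens(url):
    """Return (parameter name, value) pairs that look like session tokens in a URL."""
    parts = urlsplit(url)
    hits = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() in SESSION_PARAMS]
    hits += [(m.group(1), m.group(2)) for m in PATH_PARAM_RE.finditer(parts.path)]
    return hits

def redact_url(url):
    """Replace session token values with a marker so the URL is safe to store."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() in SESSION_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    path = PATH_PARAM_RE.sub(lambda m: f";{m.group(1)}=REDACTED", parts.path)
    return urlunsplit((parts.scheme, parts.netloc, path, urlencode(query), parts.fragment))

def audit_log(lines):
    """Return (line number, redacted URL) for each request that carried a token in the URL."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and find_session_tokens(match.group(1)):
            findings.append((number, redact_url(match.group(1))))
    return findings

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [08/May/2020:10:00:01 +0000] "GET /profile?sessionid=abc123&tab=1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [08/May/2020:10:00:02 +0000] "GET /static/app.css HTTP/1.1" 200 1024',
    '203.0.113.9 - - [08/May/2020:10:00:03 +0000] "GET /account;jsessionid=9F8E7D?view=full HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, url in audit_log(SAMPLE_LOG):
        print(f"line {number}: session token in URL -> {url}")
```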

Sample of Session Token in URL

Sample of session token in URL.

The sample above shows the session token being sent using the GET method, in the URL.

Remediation for Session Token in URL Issue

Here are several remediation actions that we can follow in order to solve the session token in URL issue.
