What is the Sensitive Token in URL – User Facing Vulnerability?

Sensitive information in URLs may be logged in a variety of places, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked, or sent to others by users. When off-site links are followed, the URL may be disclosed to third parties through the Referer header. Including session tokens in the URL therefore increases the likelihood that they may be intercepted by an attacker.

To transfer session tokens, applications should use an alternative mechanism, such as HTTP cookies or hidden fields in forms submitted through the POST method.
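To check whether an application already leaks tokens this way, existing access logs can be scanned for token-bearing URLs. The Python sketch below is an added example, not code from the original page: it inspects the request URL and Referer field of Combined Log Format lines and returns each hit with the token value redacted. The parameter-name list, the log format, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumed list of parameter names that usually carry session or auth tokens;
# extend it with the names your own application uses.
SENSITIVE_PARAMS = {"token", "access_token", "session", "sessionid", "sid",
                    "jsessionid", "phpsessid", "auth", "api_key"}
# Combined Log Format: "METHOD url HTTP/x" status size "referer" "user-agent"
LOG_RE = re.compile(r'"(?:[A-Z]+) (?P<url>\S+) HTTP/[\d.]+" \d{3} \S+ "(?P<referer>[^"]*)"')
# Servlet-style path parameter, e.g. /cart;jsessionid=ABC123
PATH_PARAM_RE = re.compile(r";(?P<name>[A-Za-z_]+)=(?P<value>[^;/?#]+)")

def redact_url(url):
    """Return (redacted_url, leaked_names) for one URL."""
    parts = urlsplit(url)
    leaked = []

    def mask_path(m):
        if m.group("name").lower() in SENSITIVE_PARAMS:
            leaked.append(m.group("name"))
            return ";%s=REDACTED" % m.group("name")
        return m.group(0)

    path = PATH_PARAM_RE.sub(mask_path, parts.path)
    query = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            leaked.append(name)
            value = "REDACTED"
        query.append((name, value))
    return urlunsplit(parts._replace(path=path, query=urlencode(query))), leaked

def scan_log_line(line):
    """Report token-bearing URLs in the request and Referer fields."""
    m = LOG_RE.search(line)
    findings = []
    if m:
        for field in ("url", "referer"):
            redacted, leaked = redact_url(m.group(field))
            if leaked:
                findings.append((field, leaked, redacted))
    return findings

# Constructed sample lines (not real traffic)
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2024:13:55:36 +0000] "GET /account?sessionid=abc123&tab=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2024:13:56:01 +0000] "GET /img/logo.png HTTP/1.1" 200 2048 "https://app.example/cart;jsessionid=F00D?step=2" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2024:13:57:12 +0000] "GET /search?q=shoes HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]
```

A hit in the `referer` field means another page's URL carried the token and the browser passed it along with a later request; the same redaction function can be applied before log lines are shipped to shared storage.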

The ZOFixer.com security scan helps to find this vulnerability in your software and server. You can use it by registering on our website and activating the 30-day trial.
