Analysis and Exploration of Vulnerabilities

SESSION ID

A value, set by the server in the HTML/Javascript.

  • Kept manually by the HTML/JS logic.

  • Browser is unaware of it.

URLs in the HTML include the SESSION ID.

  • <a href=http://company.com?PHPSESSION=value>resource</a>

SESSION ID added to requests.

  • Header or explicit argument in GET actions.

  • Header or body in POST actions

PreviousReferer HeaderNextCookies (RFC 6265)

Last updated