OWASP Top 10 2017 states:
Session IDs should not be in the URL, be securely stored
But what is meant by "securely stored"?
P.S.: I personally don't find any problem with URL rewriting if https is used.
質問する
29 次
OWASP Top 10 2017 states:
Session IDs should not be in the URL, be securely stored
But what is meant by "securely stored"?
P.S.: I personally don't find any problem with URL rewriting if https is used.