Session IDs can also be transmitted via GET requests

Prepare for the eLearnSecurity Junior Penetration Tester exam with our comprehensive quiz platform. Improve your skills with multiple-choice questions, detailed explanations, and exam tips. Get exam ready with ease!

Multiple Choice

Session IDs can also be transmitted via GET requests

Explanation:
Session IDs can be transmitted through the URL because a GET request sends data in the query string of the URL. If a session identifier is appended as a parameter (for example, ?sessionid=abc123), it becomes part of the address the user sees and may share. This exposes the session ID through browser history, logs, and Referer headers sent when navigating to other sites. That’s why this method is generally discouraged in favor of keeping session state in secure cookies or using authorization headers. Other methods like POST or PUT send data in the request body, and WebSocket frames carry data differently, so the exposure described here is specific to the URL in GET requests.

