There are many web applications that have set use_trans_sid as enabled. An enabled use_trans_sid will allow the PHP to pass session ID through the URL. This passing technique is a medium risk vulnerability in the cyber world as this vulnerability makes the web application more prone to session hijacking attacks. Session hijacking is a form of identity theft attack. Here, an attacker impersonates himself as another user so as to steal the victim’s session ID. If session,use_trans_sid is enabled, an attacker can easily sniff cookie data from the coomunication as this setting allows cookie transfer using URL.
The below code is an example:-
Using this vulnerability, an attacker can:-
The vulnerability can be fixed by:-