Issue: Session Hijacking

Description:

If the application does not validate each request it receives, an attacker can use a currently logged-in user's session ID on a different machine to access the application.

Remediation:

In the ZIETrans application, each request can be validated by enabling token-based authentication.

For more details, refer to the "Enable token based protection (Web-only)" topic at the link below:

Client settings