After successful login, JSessionID is exposed as a GET parameter
We were running a security scan as part of the vulnerability test. The scan report has identified an issue: the JSESSIONID is passed as a GET parameter instead of a POST.
Scan results are as below:
Medium: Placing tokens into the URL increases the risk that they will be captured by an attacker.
Low: An attacker would need to get access to a URL where the token was leaked.
Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed.
Request: GET /reporting/login.i4;jsessionid=177C4C8C37EDE8A151A263C7E69909A4
Are there any settings in Yellowfin with which we can control this behaviour? Is there any way we can configure Yellowfin to pass the JSessionID as a POST parameter instead of sending it as a GET parameter?
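Added example, not part of the original post and not Yellowfin code: a small Python check that finds where a `;jsessionid=` token of the form shown in the scan request has already been written to web server access logs, in either the request line or the Referer field, and redacts the value. It assumes Combined Log Format; the sample log lines, hosts and the second session ID are constructed for illustration.

```python
import re

# Servlet path-parameter form seen in the scan report:
#   /reporting/login.i4;jsessionid=<id>
JSESSIONID_RE = re.compile(r";jsessionid=([0-9A-Za-z._-]+)", re.IGNORECASE)

# Combined Log Format (assumed); referer and agent are optional so that
# Common Log Format lines are still parsed.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

def redact(text):
    """Replace the session id value but keep the marker so the hit stays visible."""
    return JSESSIONID_RE.sub(";jsessionid=[REDACTED]", text)

def scan(lines):
    """Return one finding per log line that carries a session id in a URL."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess at its fields
        fields = [f for f in ("request", "referer")
                  if JSESSIONID_RE.search(m.group(f) or "")]
        if fields:
            findings.append({"line": lineno, "host": m.group("host"),
                             "fields": fields, "redacted": redact(line)})
    return findings

# Constructed sample log lines. The first session id is the one quoted in the
# scan report; everything else is made up for this example.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /reporting/login.i4;'
    'jsessionid=177C4C8C37EDE8A151A263C7E69909A4 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /reporting/login.i4 HTTP/1.1" '
    '200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 100 '
    '"https://app.example.test/reporting/login.i4;jsessionid=0123456789ABCDEF0123456789ABCDEF" '
    '"Mozilla/5.0"',
    'this line is not in access-log format',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["line"], finding["fields"], finding["redacted"])
```

A hit in the `referer` field on a server you do not operate is the third-party disclosure case the scan report describes; session IDs found this way should be treated as exposed and invalidated.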