Hello there,
I had build a website and i have found a high security breach, could you please help me out?
After a successful login, the user clicks on a button in the home page which shows him the list of all the questions he asked to the experts. Now he clicks on any one of the question and that question Id is passed as a query string and opens the details of that question on to the other page. Now the user log out from the website.
Another user log into the website successfully, Now he copies the link(which was with question id as query string) from the browser history and paste into tab and then he can successfully see the details of that question. The breach here is that the second user can see the details of the question asked by first user, which must not be allow. I cannot pass username & password every time for any request from database. How do i fix this security breach?
Thanks,
Sumit