Description
This vulnerability was detected using the information from phpinfo() page.
When the “use_only_cookies” option is disabled, PHP will pass the session’s ID through the Uniform Resource Locator (URL), this means you, and other users of your websites, may be exposed to session-type attacks.
In this case, an attacker could easily impersonate a legitimate user by stealing his Session ID\Token.
Recommendation
Simply enable the “session.use_only_cookies” option from php.ini or .htaccess.