(Responded) Logged In Sessions Through Direct URLs


Hi Dhan Team,

I have noticed a potential security issue. When I visit the login page directly, it shows that I am logged out. However, if I navigate to any other URL (such as Dhan - Orders or any page except the login page), I remain logged in.

This raises a critical security concern: if someone were to steal my cookies (whether through an extension or other means), they would potentially gain access to my account without needing to log in, allowing them to access funds, make trades, etc.

This seems like a serious security flaw, and I urge you to look into it immediately.

Thank you for your attention to this matter.

Best regards,
Nitkarsh Chourasia

1 Like

Hi @NitkarshChourasia Applications work differently from how you have mentioned.

If you are already logged in and have a valid session running, then when you hit the application via URLs it will keep you logged in. If you explicitly log out of the platform and then hit the URLs, the ones that you have mentioned, then it will ask you to log out.

Broking platforms undertake mandatory security checks and audits from time to time to ensure they are protected from cybersecurity and data / information access threats.
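The session behaviour discussed in this thread, as an added example that is not part of the original posts and is not Dhan's code: a server-side session table where a direct URL works while the session is valid, and the same cookie value is rejected after logout or expiry. The paths, the 15-minute lifetime and all names are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL = 15 * 60  # assumed session lifetime in seconds


class SessionStore:
    """Server-side session table: the cookie carries only a random id."""

    def __init__(self):
        self._sessions = {}  # session id -> (user, expiry timestamp)

    def login(self, user, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # unguessable cookie value
        self._sessions[sid] = (user, now + SESSION_TTL)
        return sid

    def logout(self, sid):
        # Delete the server-side record; clearing the browser cookie
        # alone would leave a copied cookie usable.
        self._sessions.pop(sid, None)

    def user_for(self, sid, now=None):
        now = time.time() if now is None else now
        record = self._sessions.get(sid)
        if record is None:
            return None
        user, expiry = record
        if now >= expiry:
            self._sessions.pop(sid, None)  # expired: drop and reject
            return None
        return user


def handle(store, path, cookie_sid, now=None):
    """Return (status, body) for a request. Paths are hypothetical."""
    if path == "/login":
        return (200, "login form")  # assumed: login page always shows the form
    user = store.user_for(cookie_sid, now) if cookie_sid else None
    if user is None:
        return (302, "/login")  # no valid session: redirect to login
    return (200, f"{path} for {user}")
```
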

@PravinJ Thanks for the information.
Much appreciated.