I have a web app that uses session authentication. Someone has sent me an email with some data from inside this web app, and he claims that he bypassed the login page very easily.
How can he do so? And how do I prevent him and anyone else doing this again?
I'd be very grateful if someone could help.