I have been tasked with fixing a XSS vulnerability that takes advantage of the cookieless session feature in ASP.Net 1.1. The attack could be done like so:
