The file Export function from report viewer control uses session id in its url, like heightlighted below:
http://domaim/Reserved.ReportViewerWebControl.axd?ReportSession=sessionidXXXXXXXXX&Culture=2057&CultureOverrides=True&UICulture=2057&UICultureOverrides=True&ReportStack=1&ControlID=2c3de8dad69842d7bed6bd7b755784bb&OpType=Export&FileName=FileNameToExport&ContentDisposition=OnlyHtmlInline&Format=CSV
User clicks Export -> required file format -> file downloaded -> the link above is for the file downloaded.
I want to find out if the session id will expose security risk. If so, if it is possible to remove the session id from url, or a more secure way to allow download.
Thanks in advance.