1. I am not passing parameters through a JSP/Servlet. I am calling web tool of the application to set a URL with parameters, i.e :
http://localhost/test.jsp?user=abc&det=rrrr.
In this case if user can copy the URL and modify some parameters and it can be used again with the changed parameters. If I would have been sending the parameters through Html/Jsp page then can use the POST method.
How to terminate the session if the URL is tampered with ?