Back in December 2006 Jordan Holt, a well known .UK dropcatcher, posted on Acorndomains explaining a large flaw in the way Sedo handles login information. A day later a Sedo representative replied saying that they were aware of it and that:
"We will be switching to Cookie sessions in the near future to do away with this problem, as we certainly want to make sure our system is as secure as possible. Again, thank you for bringing this to our attention. Tech’s working on the solution right now."
Nine months later a similar theme emerges in another thread, where Sedo’s use of session data in URL’s is called into question. Sedo again post a reply mentioning it is being passed to their technical team, and that the techies reply is ‘read our terms and FAQ - dont copy and paste urls!’.
A fix has been promised inside the next few weeks, however we will no doubt be revisiting this in the new year. Which year we do not know…