diff --git a/lib/session.ts b/lib/session.ts
index 29ff694f..2725f04c 100644
--- a/lib/session.ts
+++ b/lib/session.ts
@@ -30,6 +30,13 @@ export async function findSession(req: NextApiRequestCollect) {
 // Verify payload
 const { website: websiteId, hostname, screen, language } = payload;
+
+ // Check the hostname value for legality to eliminate dirty data
+ const validHostnameRegex = /^[\w-.]+$/;
+ if (!validHostnameRegex.test(hostname)) {
+ throw new Error('Invalid hostname.');
+ }
+
 if (!validate(websiteId)) {
 throw new Error('Invalid website ID.');
 }
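Review bot: The new `validHostnameRegex.test(hostname)` check does not reject a missing or non-string `hostname`, because `RegExp.prototype.test` stringifies its argument, so `undefined` becomes the string `"undefined"` and passes `/^[\w-.]+$/`; if the payload is untrusted client input (which the "Verify payload" comment suggests), a type guard is needed, e.g. `if (typeof hostname !== 'string' || hostname.length > 253 || !validHostnameRegex.test(hostname)) {`. The character class `[\w-.]` also relies on legacy (Annex B) parsing to treat `-` as a literal after a class escape and would be a SyntaxError under the `u` flag; writing it as `/^[\w.-]+$/` is unambiguous and equivalent here. Note that `\w` admits `_` and the pattern allows leading/trailing or repeated dots, so this is a dirty-data filter rather than RFC hostname validation, which is worth stating in the comment (`// loose syntactic filter, not full hostname validation`). The enclosing findSession body continues outside this hunk.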