You conflate several things and construct a problem where there is none:
* yes, auto-incrementing session IDs are bad and downright stupid. Noone ever does this (right?).
* information leakage about the number of jobs per month or similar is not a problem unless you're trying to maintain some sort of illusion about your company / web page, which hopefully most people/companies won't do (they have no good reason, unless they're crooks). Nowdays archive.org will take many snapshots of web pages, so will Google and any visitor can do it, so why try to hide something obvious?
In general, it's not an anti-pattern: it's fine for products in online shops, properties on real estate platforms, blog entries, etc.. To avoid it there would simply mean to make URLs longer and uglier with no good reason.
I am not sure what you guys mean by “session id”—an identifier for the session, or an authentication mechanism? I have used systems where the session id was auto incremented, but there was a separate signature (in the cookie) verifying that the user “owned” that session.
* yes, auto-incrementing session IDs are bad and downright stupid. Noone ever does this (right?).
* information leakage about the number of jobs per month or similar is not a problem unless you're trying to maintain some sort of illusion about your company / web page, which hopefully most people/companies won't do (they have no good reason, unless they're crooks). Nowdays archive.org will take many snapshots of web pages, so will Google and any visitor can do it, so why try to hide something obvious?
In general, it's not an anti-pattern: it's fine for products in online shops, properties on real estate platforms, blog entries, etc.. To avoid it there would simply mean to make URLs longer and uglier with no good reason.