Session token in URL


This application contains a session token in the query parameters. A session token is sensitive information and should not be stored in the URL. URLs could be logged or leaked via the Referer header.


The session should be maintained using cookies (or hidden input fields).