Session token in URL

Description

This application contains a session token in the query parameters. A session token is sensitive information and should not be stored in the URL. URLs could be logged or leaked via the Referer header.

Remediation

The session should be maintained using cookies (or hidden input fields).