Session token in URL

  • This application contains a session token in the query parameters. A session token is sensitive information and should not be stored in the URL. URLs could be logged or leaked via the Referer header.
  • The session should be maintained using cookies (or hidden input fields).