On Thu, Oct 24, 2019 at 09:39:04PM -0400, Mike Gerwitz wrote:

thanks for your good overview... a question

> Passing session tokens via GET requests is a bad idea, because that
> leaks the token.

Even in https?

Cheers
-- t