This question is related to this previous SO question: Is there a security difference between
sending parameter over https (using TLS) 1) as part of the URL-path (i.e. /api/resource/parametervalue ) 2) As a query argument (i.e. /api/resource?parameter=value ) 3) as a form parameter?
specifically if sending a sessionid as the parameter?