0

This question is related to this previous SO question: Is there a security difference between sending a parameter over HTTPS (using TLS)

1) as part of the URL path (i.e. /api/resource/parametervalue),
2) as a query argument (i.e. /api/resource?parameter=value), or
3) as a form parameter?

Specifically, if sending a sessionid as the parameter?

Thronk

2 Answers

0

I'm not sure I have understood the question well, but none of those is safer than the others. Anyone could write whatever he wants in the URL or the form. You would have a variable such as $_GET['var'] or $_POST['var'] containing exactly the same string.

The danger is when you use the variable.

See this thread: Is either GET or POST more secure than the other?

Brewal
0

None of the three methods you mention is safer than the others, as the data in all three methods resides within the HTTP content.

If you want enhanced security, send the data over a secure protocol such as HTTP Secure.

Per Stilling
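An added example, not part of either answer or of the original thread: the three request shapes from the question as constructed plaintext HTTP/1.1 messages, showing that the application extracts the same string from each and, as a caveat beyond what the answers discuss, which of them would place the value in a server log that records the request line. The session value, the host name and the logging behaviour are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

SID = "3f9c1a7e-constructed"  # constructed sample session id

# Constructed requests. Each string is the plaintext handed to TLS, which
# encrypts request line, headers and body alike as application data.
REQUESTS = {
    "path": f"GET /api/resource/{SID} HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "query": f"GET /api/resource?parameter={SID} HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "form": ("POST /api/resource HTTP/1.1\r\nHost: example.test\r\n"
             "Content-Type: application/x-www-form-urlencoded\r\n"
             f"Content-Length: {len('parameter=' + SID)}\r\n\r\nparameter={SID}"),
}

def parse(raw):
    """Split a raw HTTP/1.1 request into (method, target, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    method, target, _version = head.split("\r\n")[0].split(" ")
    return method, target, body

def extract_parameter(raw):
    """Return the value the application sees, wherever the client put it."""
    _method, target, body = parse(raw)
    url = urlsplit(target)
    for source in (url.query, body):      # query string first, then form body
        values = parse_qs(source).get("parameter")
        if values:
            return values[0]
    prefix = "/api/resource/"             # path form from the question
    if url.path.startswith(prefix):
        return url.path[len(prefix):]
    return None

def request_line_for_log(raw):
    """What a log that records the request line would store (assumed setup)."""
    method, target, _body = parse(raw)
    return f"{method} {target}"

def leaks_to_log(raw):
    """True if the session id would appear in that logged request line."""
    return SID in request_line_for_log(raw)

if __name__ == "__main__":
    for name, raw in REQUESTS.items():
        print(name, extract_parameter(raw), leaks_to_log(raw))
```

On the wire all three are equally covered by TLS; the difference shown here arises only at the endpoints, where the request target is commonly stored and the body is not.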