Encoded URLs
Perhaps you are wondering if making this sort of information visible in a URL is such a good idea. Exposing film IDs probably doesn't make much difference, but bank account numbers would be a different story.
Fortunately, Caché can automatically encode data in URLs when a page is sent to the browser and, subsequently, authenticates that data when another page request is received.
Here's what a URL for the ShowTimes page really looks like. (In the preceding examples, encoding was turned off.)
![generated description: encodedurls 20111](images/tweb_encodedurls_20111.png)
Instead of FilmID=5, we see CSPToken=jnjrXmwbH.... This ensures that the user does not tamper with the values or use them to infer internal details of the application.