NB: This is the sixth post in a series [https://www.coffeeonthekeyboard.com/best-basic-security-practices-especially-with-django-697/] of posts on web application security.

1. Don’t put session IDs in the URL. Django explicitly does not support [https://docs.djangoproject.com/en/dev/topics/http/sessions/#session-ids-in-urls] this because it’s just dangerous.
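
Request URLs are written to server access logs, so a session ID placed in a URL ends up stored there in plain text. The following is an added example, not code from the original post: a small Python audit that flags access-log entries whose request URL carries a session identifier, either as a query parameter or as a `;jsessionid=`-style path parameter. The parameter-name list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed names that commonly carry a session ID; tune this list per application.
# "sessionid" is Django's default SESSION_COOKIE_NAME.
SESSION_PARAM_NAMES = {"sessionid", "session_id", "sid", "phpsessid", "jsessionid"}
# Request line inside a combined-format access log entry: "GET /path HTTP/1.1"
REQUEST_LINE = re.compile(r'"(?:GET|POST|PUT|PATCH|DELETE|HEAD|OPTIONS) (\S+) HTTP/[\d.]+"')


def session_params_in_url(url):
    """Return sorted names of session-ID-style parameters found in a URL."""
    parts = urlsplit(url)
    found = set()
    # Query string form: ?sessionid=...
    for name, _value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SESSION_PARAM_NAMES:
            found.add(name.lower())
    # Path-parameter form: /page;jsessionid=...
    for segment in parts.path.split("/"):
        for param in segment.split(";")[1:]:
            name = param.split("=", 1)[0].lower()
            if name in SESSION_PARAM_NAMES:
                found.add(name)
    return sorted(found)


def audit_log(lines):
    """Return (line_number, names) for each log line whose URL carries a session ID."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_LINE.search(line)
        if match:
            names = session_params_in_url(match.group(1))
            if names:
                hits.append((number, names))
    return hits


# Constructed sample log lines (not from a real system).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /account/?sessionid=abc123 HTTP/1.1" 200 512',
    '203.0.113.6 - - [01/Jan/2024:10:00:01 +0000] "GET /shop/cart;jsessionid=DEADBEEF?item=4 HTTP/1.1" 200 128',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /blog/?page=2 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, names in audit_log(SAMPLE_LOG):
        print(f"line {number}: session identifier in URL via {names}")
```

Any hit means the session IDs on those lines should be treated as exposed and the affected sessions invalidated.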