"During the Security testing of moodle site, it was observed that sensitive data was exposed in:
1. Session key was sent in URL
2. user email id was present in the cookie parameter"
"1. Sensitive Data in URL - https://mydomain/lib/ajax (all URLs starting with /lid/ajax)
2. email id was exposed in 'nv_user' parameter in Cookie."
How to remove sensitive data from URL and cookie parameters in moodle?