1. User logs into SAP Portal with defined userid/password
2. Portal has a hyperlink, that when clicked navigates the user to our application (some xyz say) in a new window. Internally Portal sends
a GET request, appending the userid given in step 1 onto URL, to our application deployed on WebSphere Process Server. URL shown
on the new browser window is in encrypted form but when user opens up a blank window and types the starting characters of the
actual URL of our application it is shown along with the userid parameter appended to URL. If this is the case then users can change
the userid value and can misuse the application. Please provide any suggestions to overcome this misuse..
Note: We have tried a POST request from SAP Portal but we are unable to read the userid parameter