Encoded URLs
Perhaps you are wondering if making this sort of information visible in a URL is such a good idea. Exposing film IDs probably doesn't make much difference, but bank account numbers would be a different story.
Fortunately, Caché can automatically encode data in URLs when a page is sent to the browser and, subsequently, authenticates that data when another page request is received.
Here's what a URL for the ShowTimes page really looks like. (In the preceding examples, encoding was turned off.)
Instead of FilmID=5, we see CSPToken=jnjrXmwbH.... This ensures that the user does not tamper with the values or use them to infer internal details of the application.