In my case the data was visible in the URL - they had chosen to not store use session specific data in the DB or cookie or anything sane like that, but to pass it to the page in the URL path by converting a dict to a string/
Git blame shows the same thing done in two different places and the line edited by at least two different people.
Git blame shows the same thing done in two different places and the line edited by at least two different people.