I've published my app on web, and when I need to pass parameters from one page to another, these parameters are explicitly included in the URL, which can be manipulated by users, allowing them to access pages that they may not have permission to view. I would like to know if there are any alternatives to this approach, as otherwise, my app could face serious security issues.