When I use Postman I am returned a cookie that allows me to make unauthenticated calls into the NLU system. This leads to a vulnerable API due to session hijacking. To test this I made a call to get a list of models, removed my auth header, and made a successful get models call.
Why is it useful?
Who would benefit from this IDEA?
As a user I want NLU to validate all request headers and not cookie data.
How should it work?
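A regression check for the behaviour reported above, as an added example that is not part of the original idea or the NLU service's own code. It runs a local stand-in server in two modes and sends a request that carries only the cookie; the `/models` path, token and cookie values are constructed for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "Bearer constructed-test-token"     # constructed credential
COOKIE = "session=constructed-session-id"   # constructed cookie handed out after auth

def make_handler(trust_cookie):
    """Stand-in API: trust_cookie=True mimics the reported behaviour."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            authed = self.headers.get("Authorization") == TOKEN
            if trust_cookie and self.headers.get("Cookie") == COOKIE:
                authed = True  # weak mode: the cookie alone is accepted
            self.send_response(200 if authed else 401)
            if authed:
                self.send_header("Set-Cookie", COOKIE)
            self.end_headers()
            self.wfile.write(b'{"models": []}' if authed else b'{"error": "unauthorized"}')

        def log_message(self, *args):
            pass  # keep the check quiet
    return Handler

def get_status(port, headers):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request("GET", "/models", headers=headers)  # hypothetical path
        resp = conn.getresponse()
        resp.read()
        return resp.status
    finally:
        conn.close()

def cookie_only_status(trust_cookie):
    """Status returned when the auth header is removed and only the cookie is sent."""
    server = HTTPServer(("127.0.0.1", 0), make_handler(trust_cookie))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        # Baseline: the authenticated call must succeed in both modes.
        assert get_status(server.server_port, {"Authorization": TOKEN}) == 200
        return get_status(server.server_port, {"Cookie": COOKIE})
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print("cookie trusted:  ", cookie_only_status(True))
    print("header required: ", cookie_only_status(False))
```

The same `get_status` comparison can be pointed at a test deployment to confirm that a request without the auth header is rejected.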