> > Why not directly include the application name in the URI? > Your proposal opens up the door for someone to inject a link [...] Sorry, I meant to say: directly including the application name in the URI would open up this door to attackers. This is a much more important reason than the one you brought up. e.