When I use Postman I am returned a cookie that allows me to make unauthenticated calls into the NLU system. This leads to a vulnerable API due to session hijacking. To test this I made a call to get a list of models, removed my auth header, and made a successful get models call.
|Who would benefit from this IDEA?|As a user I want NLU to validate all request headers and not cookie data.|
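A regression check for the behaviour described in this idea, as an added example that is not part of the original submission or of the NLU service's code. It runs a local stand-in server in two modes (cookie trusted, header required); the `/models` path, the bearer token scheme, and the `session` cookie name are assumptions made for the illustration.

```python
import threading, urllib.request, urllib.error
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "constructed-demo-token"      # constructed credential, not a real key
SESSION = "constructed-session-id"    # constructed cookie value
# Ignore any proxy environment variables so the probe stays on localhost.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def make_handler(trust_cookie):
    """Stand-in API. trust_cookie=True mirrors the reported behaviour."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            header_ok = self.headers.get("Authorization") == f"Bearer {TOKEN}"
            cookie_ok = trust_cookie and f"session={SESSION}" in self.headers.get("Cookie", "")
            self.send_response(200 if header_ok or cookie_ok else 401)
            if header_ok:  # cookie is only issued after a properly authenticated call
                self.send_header("Set-Cookie", f"session={SESSION}")
            self.end_headers()
        def log_message(self, *args):  # keep test output quiet
            pass
    return Handler

def get(url, headers):
    """Return (status, Set-Cookie value) for a GET with exactly these headers."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status, resp.headers.get("Set-Cookie")
    except urllib.error.HTTPError as err:
        return err.code, None

def cookie_only_status(trust_cookie):
    """Authenticate once, then resend only the returned cookie; return that status."""
    server = HTTPServer(("127.0.0.1", 0), make_handler(trust_cookie))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/models"  # hypothetical path
    try:
        status, cookie = get(url, {"Authorization": f"Bearer {TOKEN}"})
        assert status == 200 and cookie, "authenticated call should succeed"
        return get(url, {"Cookie": cookie})[0]  # no Authorization header this time
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print("cookie trusted: ", cookie_only_status(True))   # the reported behaviour
    print("header required:", cookie_only_status(False))  # the requested behaviour
```

A service that validates the request headers on every call, as the idea asks, should return 401 for the second request.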