Links from Manage authentication to Test settings expose the sesskey in a GET url

Setup Login as admin Auth Navigate to Site Administration->Plugins->Authentication/Manage authentication (admin/settings.php?section=manageauths) Hover over any 'Test settings' link and confirm you do not see a sesskey paramter in the url Click on a 'Test settings' link. Confirm you do not see the sesskey parameter in the browser url bar. Remove ?auth=xxx from the URL and press enter to load the new page. Select any dropdown menu item from the list of authentication methods that have tests. Confirm you do not see the sesskey parameter in the browser url bar. Enrol Navigate to Site Administration->Plugins->Enrolments/Manage enrol plugins (admin/settings.php?section=manageenrols) Hover over any 'Test settings' link and confirm you do not see a sesskey paramter in the url Click on a 'Test settings' link. Confirm you do not see the sesskey parameter in the browser url bar Remove ?enrol=xxx from the URL and press enter to load the new page Select any dropdown menu item from the list of authentication methods that have tests Confirm you do not see the sesskey parameter in the browser url bar Logstore Navigate to Site Administration->Plugins->Logging/Manage log stores (admin/settings.php?section=managelogging) Enable the 'External database log'. Click on 'settings' for the 'External database log'. Hover over the 'Test connection' link and confirm you do not see a sesskey paramter in the url Click on the 'Test settings' link. Confirm you do not see the sesskey parameter in the browser url bar and that there is no required sesskey error. If an external database is not set up the expected error is 'External table not specified'.