Hi, currently i able to punchout from SAP Ariba to my platform with the start page URL ("example.com/sid?=123456") using .NET microservice. The setup request is stored in an cache with the session id key on my backend. I would need to extract the sid from the website frame url and retrieve the request in order to access the buyercookie and browserFormUrl for my punchoutordermessage cXML. However, i am unable to extract the session id due to security reasons. May i know how do suppliers typically store their session id to avoid this issue?