Comment 13 for bug 131165

Why can't you use an HTTP header when you redirect with the token, since that would avoid a POST and not garble the URL. An easier solution would be to only display the message and remove the info from the session/cookie when the user goes to the page associated with that message. For example, the first bug redirect should only remove the session data associated with THAT bug post, not both.