If yes, session verification requires: - sAccessToken cookie - sIdRefreshToken cookie - a header called "rid" There is nothing that is added to the request body.