Remove password from URL after initial processing

When using the “Passing the password via URL” functionality (e.g. via pw or pwe parameters), it would be helpful if the system would:

  1. Read and process the password from the URL on the initial request
  2. Immediately redirect to the same URL without the pw / pwe parameters

This would ensure that the password is no longer visible in the browser address bar after it has been used.

I understand that this does not provide real additional security, since the password has already been transmitted. However, it would improve usability and reduce the likelihood of casual users copying or sharing the URL with the password still included.

For proper security, mechanisms like TOTP or a more robust authentication flow would of course be preferable. This suggestion is mainly intended as a UX improvement rather than a security feature.

Status: Backlog
Board: Bug
Submitted: Marc Kemmer
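
The two steps requested above, as an added example that is not part of the original request or the product's own code. Only the `pw` / `pwe` parameter names come from the request; `check_password`, the session cookie and the sample URLs are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter names taken from the request; everything else here is assumed.
SECRET_PARAMS = {"pw", "pwe"}


def split_secret(url):
    """Return (secrets, cleaned_url) with pw/pwe removed from the query."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    secrets = {k: v for k, v in pairs if k in SECRET_PARAMS}
    # Keep every other parameter, in order, and leave the fragment untouched.
    kept = [(k, v) for k, v in pairs if k not in SECRET_PARAMS]
    cleaned = urlunsplit(parts._replace(query=urlencode(kept)))
    return secrets, cleaned


def handle_request(url, check_password):
    """Step 1: process the password. Step 2: redirect without it.

    check_password is a hypothetical callback standing in for the
    application's own verification. Returns (status, headers).
    """
    secrets, cleaned = split_secret(url)
    if not secrets:
        return 200, {}  # nothing to strip, so no redirect and no loop
    if not check_password(secrets):
        return 403, {"Cache-Control": "no-store"}
    return 303, {
        "Location": cleaned,
        # A session cookie (constructed value) carries the result of step 1
        # across the redirect, so the password is not needed a second time.
        "Set-Cookie": "session=<constructed-id>; HttpOnly; Secure; SameSite=Lax",
        # Keep intermediaries from storing the response to the pw-bearing URL.
        "Cache-Control": "no-store",
    }
```

The request with the password still reaches the server once, so it can still appear in access logs for that first hit; the redirect only changes what the address bar shows afterwards.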