it appears to be a nonce appended to links to prevent replay attacks and session riding... CSRF ... https://www.owasp.org/index.php/Session_Management#Page_and_Form_Tokens , Cryptographic nonce, Plack::Middleware::CSRFBlock

But stevieb appears to be a fan of sundialsvc4, so there is no way I'd ever consider using that module of his, bad company