Matching session cookie is now required to verify a GUI access tokens (they are used behind the scenes by the Onedata web applications), which increases security.