Session token in URL

Hi, I am getting a vulnerability report with my application where it shows the access tokens and session tokens which is embedded in URL leading to an information disclosure vulnerability.

Need some help and suggestion on getting this addressed.