Open Redirection

So, recently i encountered an application which was really secure against XSS.

How many issues can one parameter suffer from:

1. Open redirection
2. Session ID in the URL
3. Session Hijacking by combining 1 and 2

Oh but, really safe against XSS! :)