thank you for your answer. Sure that works, but what i mean is that the website and web app is issued by the same entity running the mint.

So it could log whatever is pasted into the text area as a ecash token and therefore should be able to log the sender and the receiver of the token on a application level, even before it is sent back to the mint to redeem it or not?