What's more secure than? when showing user id data
#2

(This post was last modified: 06-22-2018, 07:32 AM by Pertti.)

Is the Cart controller for an open shopping basket?

Assuming one client will only ever have one basket open at any time, you could just use user_id from the session, and fetch any (well, one) open carts where user_id = session user_id, and there's no need to send cart IDs back and forth via the URL.

Alternatively, if carts do have IDs, you can also use the session user_id in the query without putting it in the URL:
SELECT * FROM cart WHERE id = :cart_id_from_url AND user_id = :user_id_from_session;

Having user_id in the URL and then in the session, I don't think that adds much to security; it's kind of checking one thing against itself?
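
The two lookups described in the post above, next to the unscoped lookup they replace, as an added example that is not part of the original post. The table layout, the `status` column, the function names and the sample rows are assumptions constructed for illustration; SQLite stands in for whatever database the application uses.

```python
import sqlite3

def make_db():
    """Constructed sample data: user 1 has cart 101, user 2 has carts 102 and 103."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.executescript("""
        CREATE TABLE cart (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL,
                           status TEXT NOT NULL, item TEXT NOT NULL);
        INSERT INTO cart VALUES (101, 1, 'open',   'keyboard');
        INSERT INTO cart VALUES (102, 2, 'open',   'monitor');
        INSERT INTO cart VALUES (103, 2, 'closed', 'mouse');
    """)
    return db

def cart_by_url_id_only(db, url_cart_id):
    """Weak form: trusts the ID from the URL, so ownership is never checked."""
    return db.execute("SELECT * FROM cart WHERE id = ?", (url_cart_id,)).fetchone()

def cart_by_url_id_and_session(db, session, url_cart_id):
    """Second option in the post: cart ID from the URL, scoped by session user_id."""
    try:
        cart_id = int(url_cart_id)      # URL values arrive as strings
    except (TypeError, ValueError):
        return None                     # malformed ID: treat as not found
    return db.execute(
        "SELECT * FROM cart WHERE id = ? AND user_id = ?",
        (cart_id, session["user_id"]),
    ).fetchone()

def open_cart_for_session(db, session):
    """First option in the post: no cart ID in the URL at all."""
    return db.execute(
        "SELECT * FROM cart WHERE user_id = ? AND status = 'open'",
        (session["user_id"],),
    ).fetchone()

if __name__ == "__main__":
    db = make_db()
    session = {"user_id": 1}            # set server-side at login, never from the request
    print(cart_by_url_id_only(db, 102)["item"])              # returns user 2's cart
    print(cart_by_url_id_and_session(db, session, "102"))    # None: respond with 404
    print(open_cart_for_session(db, session)["item"])        # the caller's own cart
```

Returning the same "not found" result for a missing cart and for another user's cart avoids confirming which cart IDs exist.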


