Best way to prevent logged in users from messing with ID passed in query strings?
#5

[eluser]attos[/eluser]
My personal opinion is not to trust the client (the browser in this case). What I do is keep the id in the session. When the user successfully logs in, I set the id in the session (BTW I use database sessions) and retrieve it for every request.
I do not allow users to change their id. It's an auto-generated database field value. I see no reason to change it. What can be used is a username. This can be changed as long as it's not taken by somebody else.
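
The approach described in the post above, as an added example that is not part of the original post or any framework's code: the user id is bound to a server-side session at login and read back on every request, so an `id` in the query string has no effect. The in-memory `USERS` and `SESSIONS` dictionaries, the function names and the sample accounts are all constructed for illustration; a real deployment would use a database session table and hashed passwords.

```python
import secrets

# Constructed sample data; ids are auto-generated and never user-editable.
USERS = {1: {"username": "alice", "password": "correct horse"},   # demo only:
         2: {"username": "bob", "password": "battery staple"}}    # store hashes in practice
SESSIONS = {}  # stand-in for a database session table: token -> user id


def login(username, password):
    """Return a random session token on success, None otherwise."""
    for user_id, user in USERS.items():
        if user["username"] == username and secrets.compare_digest(
                user["password"].encode(), password.encode()):
            token = secrets.token_urlsafe(32)
            SESSIONS[token] = user_id   # the id lives server-side only
            return token
    return None


def view_profile(token, query):
    """Handle GET /profile?id=...; the id in `query` is deliberately ignored."""
    user_id = SESSIONS.get(token)
    if user_id is None:
        return 401, None
    return 200, {"id": user_id, "username": USERS[user_id]["username"]}


def change_username(token, new_name):
    """Rename the session's user; the id itself never changes."""
    user_id = SESSIONS.get(token)
    if user_id is None:
        return 401
    if any(u["username"] == new_name for i, u in USERS.items() if i != user_id):
        return 409                      # taken by somebody else
    USERS[user_id]["username"] = new_name
    return 200
```
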


Messages In This Thread
Best way to prevent logged in users from messing with ID passed in query strings? - by El Forum - 12-09-2009, 11:15 AM