[eluser]CIfan1000[/eluser]
Dear Colin and jeremyapp,
Thank you both for your quick and as usual very helpful suggestions.
Passing the profile ID in a session variable is certainly a good idea.
However, being a newbie at this, I am not sure how to implement it. Please allow me to explain:
I have a "my listings" page where a user can see their listings. The way I was thinking of designing it was to have an edit link for each listing. E.g:
Listing 1 details.......
Edit >>
Listing 2 details......
Edit>>
I do not know, and am unable to imagine, how to set a session variable with the listingID when the user clicks on the appropriate Edit>> link.
The reason, so far, I was thinking of passing the listingID in a URI to a controller is because I can set the ListingID as part of the URI in each Edit>> link.
If someone could please explain to me how to:
1) Have this functionality using a ListingID in a session variable (as jeremyapp suggests)
and/or
2) Using the listingID in the URI (as Colin suggests) and have it be secure
The way I am thinking of handling option 2) is: I store the UserID with each listing in the table that has the listings, and after authentication/login I store the current UserID in a session variable.
Then, during an edit for a listing, I can check that the session UserID is = UserID in the table for this listing. This way the user could only edit their own listings, even if they typed in a different URL in the address bar of their browser. Do you have any other suggestions, Colin?
Thank you both in advance for your time, interest and effort!
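
The ownership check described in option 2 above, as an added example that is not part of the original post: the listing ID arrives in the URI, the user ID comes only from the session, and the two are matched inside the query itself. It uses plain PHP with PDO and an in-memory SQLite database rather than CodeIgniter's own classes; the `listings` table, its columns, the function name and the sample rows are assumptions.

```php
<?php
// Added example. Table, column and function names are assumptions,
// and the rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE listings (
    ListingID INTEGER PRIMARY KEY,
    UserID    INTEGER NOT NULL,
    details   TEXT)');
$db->exec("INSERT INTO listings VALUES
    (1, 10, 'Listing 1 details'),
    (2, 10, 'Listing 2 details'),
    (3, 20, 'Listing owned by another user')");

/**
 * Update a listing only if it belongs to the logged-in user.
 * Returns true when exactly one row owned by that user was changed.
 * A malformed ID, a missing listing and someone else's listing all
 * return false, so the caller cannot tell which IDs exist.
 */
function update_own_listing(PDO $db, $sessionUserId, $listingIdFromUri, $newDetails)
{
    // The URI segment is user input: accept plain digits only.
    if (!is_string($listingIdFromUri) || !ctype_digit($listingIdFromUri)) {
        return false;
    }
    // Ownership is part of the WHERE clause, so there is no gap between
    // "check the owner" and "write the row", and values are bound as
    // parameters instead of being concatenated into the SQL.
    $stmt = $db->prepare(
        'UPDATE listings SET details = ? WHERE ListingID = ? AND UserID = ?'
    );
    $stmt->execute(array($newDetails, (int) $listingIdFromUri, (int) $sessionUserId));
    return $stmt->rowCount() === 1;
}

// Stands in for the UserID stored in the session at login; it is never
// read from the URI or from a form field.
$sessionUserId = 10;

// Edit link for the user's own listing.
var_dump(update_own_listing($db, $sessionUserId, '1', 'Listing 1, edited'));
// URL typed by hand with a listing ID that belongs to UserID 20.
var_dump(update_own_listing($db, $sessionUserId, '3', 'Changed by non-owner'));
// URI segment that is not a plain number.
var_dump(update_own_listing($db, $sessionUserId, '3 OR 1=1', 'x'));
```

The same `ListingID = ? AND UserID = ?` condition belongs on the query that loads the edit form, not only on the one that saves it.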