T
Tim Almond
I am currently building a site, and we have a number of users that can have
a particular priveledge, but each user has their own set of cases that they
can update (identified by case ID).
When the user clicks on a case, it needs to pass this to an 'update case'
form.
I want this to be secure, so that users can't spoof a message and update
someone else's case. In old ASP, I would pass it in the querystring and
revalidate the ID at the other end against their session ID.
a particular priveledge, but each user has their own set of cases that they
can update (identified by case ID).
When the user clicks on a case, it needs to pass this to an 'update case'
form.
I want this to be secure, so that users can't spoof a message and update
someone else's case. In old ASP, I would pass it in the querystring and
revalidate the ID at the other end against their session ID.