So I always wondered this, probably a bit dense.
Let's say I've got a URL string: http://somelink.php?id=7
And that takes the user to another page which gives them access to something private.
But what is to stop the user replacing the 7 with, say, an 8 (manually editing the URL string), thus taking the user to another page that is private but that the system shouldn't be allowing that user to view?
Should I also be validating with a session id as well?
Thanks in advance.
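
The scenario in the question, as an added example that is not part of the original post: a server-side check that ties the requested id to the logged-in user, so editing the URL from 7 to 8 returns nothing. The handler name `handleRequest`, the `user_id` session key and the `RECORDS` ownership data are assumptions made for illustration; `$session` and `$query` stand in for `$_SESSION` and `$_GET`.

```php
<?php
declare(strict_types=1);

// Constructed sample data: which user owns each private record
// (stands in for a database table with an owner column).
const RECORDS = [
    7 => ['owner_id' => 101, 'body' => 'Private page for user 101'],
    8 => ['owner_id' => 202, 'body' => 'Private page for user 202'],
];

/**
 * Hypothetical handler for somelink.php?id=N.
 * Returns [HTTP status, body].
 */
function handleRequest(array $session, array $query): array
{
    // 1. Authentication: the session, not the URL, says who is asking.
    if (!isset($session['user_id'])) {
        return [401, 'Login required'];
    }

    // 2. The id is untrusted input: accept only a positive integer.
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, 'Bad id'];
    }

    // 3. Authorization: the record must belong to the logged-in user.
    //    "Missing" and "not yours" both give 404, so the response does
    //    not reveal which ids exist.
    $record = RECORDS[$id] ?? null;
    if ($record === null || $record['owner_id'] !== $session['user_id']) {
        return [404, 'Not found'];
    }

    return [200, $record['body']];
}

// User 101 requests the original URL, the edited one, and a malformed one.
$session = ['user_id' => 101];
foreach (['7', '8', 'abc'] as $rawId) {
    [$status, $body] = handleRequest($session, ['id' => $rawId]);
    echo "id=$rawId -> $status $body\n";
}
// The same request with no login session at all.
[$status, $body] = handleRequest([], ['id' => '7']);
echo "no session -> $status $body\n";
```

With a real database the ownership test belongs in the query itself, for example a prepared statement that selects by both the record id and the session's user id.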