I have things setup such that when a user logs in a session is created. And if i give a user the ability to view his information it will occur at a url like: /test/users/view/5 -where 5 is his user id
My question is how am I able to restrict the user from altering the url to say /test/users/view/6 and them having the ability to pull up another users info? Is this an ACL issue where I would have to create an Aco for each user that would allow only that specific user to read their profile? That would make the aro / aco tables pretty big as your site grows...? Am I missing something here? Thanks! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
