i know its a good idea to pass variables using sessions.
But take this simple instance for example:
an un-subscribe button on the bottom of a junk email which everyone has seen, unencrypted would be something like:
You couldnt pass that through a session?
obviously anyone could go through every number and unsubscribe everyone.
in reality, these are encrypted at the bottom of junk emails, so you cant just un-subscribe everyone.
There are a number of ways to encrypt this, but what is the best method with regards to what you store and reference to in the database also.
If you use hashed user_id's wouldnt your database grow in size dramatically? compared to numbers. also if you do store hashed user_id's what creates the user id if you dont use an auto_incremented int column? are they created randomly? howabout if you get a duplicate?
its just a little blurry in my head at the moment, ive never needed to encrypt variables passed via a url before, so if someone could give me a hint, it would be cool.
bearing in mind i dont want my database to grow 10 times larger just because i want to protect one little passed variable! there must be a simple solution that everyone uses?
please, tell me if im thinking about this in completely the wrong way. lol