Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
we have an app where the user get there own userspace an can create entries without login.
we generate an dynamic link
Like
localhost://apps/{owncode}/userspace
The owncode is calculated by us an the code will saved into the database
The user can add entries for his userspace.
localhost://apps/{owncode}/entries/new
How can I compare (check is its correct} the {owncode} from the database with the url. Because we want to catch if someone call the url by try and error.
You can’t check that without forcing the user to log in. You should also not be using anything in the URL to identify their “userspace.” It should all be tucked away in the session, associated with the logged in user’s account.
If you at least want to make
owncodehard to guess, you could generate a ridiculously long hashed string. But this is not recommended, it would not guarantee any security, and users could still try and guess the strings for other “userspaces” without your app being able to do anything about it.