5 Replies Latest reply on Jun 9, 2007 12:04 PM by Günter Schenk

    I can change records of another user after login


      I made a login system en that all works fine.
      A user is logged in and is directed to the list with only his records.
      He wants to edit one of his records and presses the edit button.
      The list and the form pages use the "Restrict access to page" server-behaviour.
      Now he's in the form to edit his record and the address shows for example: www.example.com/exampleform.php?id_occ=455
      If he changes "id_occ=455" to id_occ=250" he can change the record of another user.
      How can I prevent this?