I have a web site that had users table and 'login' page sends the user input to "authentication page" which checks if it's the right user and authenticates the user. Now one problem that I might be facing is, I am passing user info through the url (query string), but, how if someone changes the url, they can get into other users's data? How should I secure this? any ideas?
One soulution that I have is, passing the user info aftre hasing it (hash()) so that it's not that easy to hack/guess what info is being passed.
Just wondering if someone has a better way of doing this, any example, sample code will be helpful.