OT: Tracking user

Just a question for opinions -
In the past developing with php (not that it should matter) , when
preparing data for a user I generally set the query to filter not only
by user.id but also by user.username. To me it just seemed to add a
little more redundancy in the event some hacker figured out a way to
login with someone elses id.
Is this strategy something that makes sense in Rails as well ? Or in
any web application ?
Of course when they log in they must with their username and password.

TIA
Stuart


This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs