Lets say I have a session based login system:
username = session[:username] (jochen)
userid = session[:userid] (1)
Now I want to book a room:
But when I type
I can book a room for a different user.
Whats the prefered way to deny success to urls including a userid so
that I can only
access these url which include my userid?