Menu
Hi,
I’m incorporating a simple private messaging system into a site i’m working on and am trying to find a way of ensuring that the person requesting to view any given message (pulled from a db) is actually the recipient of the message.
For instance, if the link to view the message comprised of a url variable equal to the messageID then anyone could use the same url to view any message simply by changing the messageID.
Is there a common solution to this?