Friday, April 14, 2017

Laravel 5.4: How to securely track a selected item across page views?

I'm new to Laravel and building a site for multiple users which on one of its pages lists items related to the logged-in user, allowing the user to click on an item and then on the next page, view or edit the details. Very simple concept, but I'm wondering when the details page is served by Laravel, how to simply and securely know which item was clicked and display the details for the correct item.

The obvious way to solve this is just to specify the item's primary key ID in the URL for the details page - i.e. for each item in the list on the first page, and then specifying a route that uses that to return the correct item:

Route::get('/itemdetails/{ID}', 'MyController@showitemdetailspage');

then obviously using the specified ID to do a database lookup. Trouble is, this is completely insecure, i.e. any user could try out different numbers in the ID field and access other users' item details.

So how do I do this securely in Laravel in a way that a user can't spoof an ID etc.? I'm thinking something with sessions or a hash of the ID or something but not sure how to actually implement this.

As I'm new to this, source code or specific details much appreciated!

Many thanks.



via Alex Kerr
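The problem the question describes is an insecure direct object reference: the ID in the URL is untrusted input, and the fix is to authorize the lookup on the server rather than to hide the ID. The following is an added example written for this post (it is not code from the question's author or from the Laravel project) showing the usual Laravel 5.4 approach: scope the query to the authenticated user and back it with a policy. It assumes an `items` table with a `user_id` column, an `App\Item` Eloquent model, a `User::items()` hasMany relation, and a `resources/views/items/show.blade.php` view; all of these names are assumptions.

```php
<?php
// ---- routes/web.php ----
// Only authenticated users reach these routes; the auth middleware is
// registered by default in Laravel 5.4's Http\Kernel.
Route::group(['middleware' => 'auth'], function () {
    Route::get('/items', 'ItemController@index')->name('items.index');
    // {id} is still a plain integer in the URL. That is fine: the controller
    // never trusts it on its own, it only uses it inside an owner-scoped query.
    Route::get('/itemdetails/{id}', 'ItemController@show')->name('items.show');
});

// ---- app/Policies/ItemPolicy.php ----
namespace App\Policies;

use App\User;
use App\Item;

class ItemPolicy
{
    // Central ownership rule: a user may view an item only if they own it.
    // Keeping this in one place means every controller/view that needs the
    // check asks the same question.
    public function view(User $user, Item $item)
    {
        return $user->id === $item->user_id;
    }
}

// ---- app/Providers/AuthServiceProvider.php (relevant part) ----
// protected $policies = [
//     \App\Item::class => \App\Policies\ItemPolicy::class,
// ];

// ---- app/Http/Controllers/ItemController.php ----
namespace App\Http\Controllers;

use Illuminate\Http\Request;

class ItemController extends Controller
{
    // Listing page: only the current user's items are ever loaded, and the
    // links carry each item's primary key.
    public function index(Request $request)
    {
        $items = $request->user()->items()->get();
        return view('items.index', ['items' => $items]);
    }

    public function show(Request $request, $id)
    {
        // Scoped lookup: the query is restricted to rows whose user_id matches
        // the logged-in user, so a guessed or tampered ID that belongs to
        // someone else (or does not exist) raises ModelNotFoundException,
        // which Laravel renders as a 404. Responding 404 rather than 403
        // also avoids confirming that the other ID exists.
        $item = $request->user()->items()->findOrFail($id);

        // Defense in depth: the policy check fails closed if the relation
        // above is ever widened (for example to shared items) and the
        // ownership rule is forgotten. Throws AuthorizationException (403).
        $this->authorize('view', $item);

        return view('items.show', ['item' => $item]);
    }
}

// ---- resources/views/items/index.blade.php (relevant part) ----
// @foreach ($items as $item)
//     <a href="{{ route('items.show', ['id' => $item->id]) }}">{{ $item->name }}</a>
// @endforeach
```

Neither a session-stored "selected item" nor a hashed ID would change the security picture on its own: a session value still has to be checked against ownership when the details page is rendered, and a hash only obscures the ID without preventing access if someone obtains it. The scoped query plus policy makes the authorization decision explicit and testable; the same `authorize('view', $item)` call can guard an `edit`/`update` action, and `@can('view', $item)` can hide links in Blade.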
