Justin Skolnick wrote:
(Semi-newbie.) I want to ensure a user's able to destroy only his own objects. I've set session info at login:
session[:user_id] = user.id
Is the session cookie secure? How easy is it to forge a sessionn with someone else's user.id?
--Dean
