> > I'm already doing this.  However, if I have a hidden 
> > variable containing a value of the current user I'm 
> > working with, that value can be changed to something 
> > else and it would pass the test.  However, I need to find a
> > way to determine if something like that has happened.  
> > That's where my description of what I was thinking of 
> > doing came from.
> Does the user have a password? You need to check if the 
> password matches as well.

Yes, but that's not going to do me any good because it is
valid for one user to act on behalf of another (as a broker,
if you will).  So the currently logged in user might not be
the one whose ID is in the hidden field...

Chris
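
One way to detect a changed hidden field in the situation described in this thread, shown as an added example that is not part of the original messages: the server emits a keyed MAC next to the hidden user ID, bound to the session and the logged-in (acting) user, and recomputes it when the form comes back. All names here (`SERVER_KEY`, `sign_target`, `verify_target`, the sample IDs) are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: a secret that never leaves the server (in practice loaded from
# configuration so it survives restarts; generated here to stay self-contained).
SERVER_KEY = secrets.token_bytes(32)


def _pack(*fields: str) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def sign_target(session_id: str, acting_user: str, target_user: str,
                key: bytes = SERVER_KEY) -> str:
    """Tag to place in a second hidden field beside the target user ID."""
    msg = _pack(session_id, acting_user, target_user)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_target(session_id: str, acting_user: str, target_user: str,
                  tag: str, key: bytes = SERVER_KEY) -> bool:
    """True only if target_user is the value the server issued to this
    session and acting user; any edit to the hidden field fails here."""
    expected = sign_target(session_id, acting_user, target_user, key)
    # Compare as bytes in constant time; a submitted tag may be arbitrary text.
    return hmac.compare_digest(expected.encode(), tag.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample: broker7 is logged in and working on client42.
    tag = sign_target("sess-1", "broker7", "client42")
    print(verify_target("sess-1", "broker7", "client42", tag))  # untouched form
    print(verify_target("sess-1", "broker7", "client99", tag))  # edited field
```

The acting user and session ID come from server-side session state, never from the form. The tag only shows the value was issued to this session; whether that broker may act for that user remains a separate server-side check.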
