Ulf Dittmer wrote:I don't think that's such a good idea, either.
Agreed. That is why I said simplest way of doing it was passing the ID. Here I made the assumption that the ID is displayed on the page.
It is actually based on the requirement how much complexity can be added. But yes a secure and robust implementation would be more like what you said.