*Working on a project with boss, I am working on a mobile app, he is working on web service app.

Me: this service takes user id as parameter to get all account details (all other web services are like that)

Boss: yes, I use the id to filter the data.

Me: but by this, everyone has the id can do anything ! why we do not use session token?

Boss: this is a detail, it is not important !


*7 years of experience my ass

Add Comment