I want to know what the best approach is for preventing URL Jumping / URL Tampering attacks.
Example:
updateprofile.php?uid=1
I can change it to
updateprofile.php?uid=2
I can update the second user's profile without logging in to his or her account.
So how can I prevent this type of attack? By using Session variables? Encrypting the data through the URL?
I am sure sessions are vulnerable to XSS or Session Hijacking Attacks.
So what is the best approach for this? Coding approach etc.
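
The `updateprofile.php?uid=` pattern from the question next to a server-side ownership check, as an added example that is not part of the original post. The function names, the in-memory `$profiles` array and the status codes are assumptions; in a real page `$session` would be `$_SESSION` (set at login) and `$query` would be `$_GET`.

```php
<?php
// Constructed sample data standing in for a users table.
$profiles = [1 => ['name' => 'alice'], 2 => ['name' => 'bob']];

// Pattern from the question: the target row is chosen by a client-supplied id.
function updateProfileUnsafe(array &$profiles, array $query, string $newName): bool
{
    $uid = (int)($query['uid'] ?? 0);
    if (!isset($profiles[$uid])) {
        return false;
    }
    $profiles[$uid]['name'] = $newName; // no check that the caller owns $uid
    return true;
}

// Hardened form: identity comes from server-side session state set at login.
// A uid in the request is never trusted on its own; it must match the owner.
function updateProfileSafe(array &$profiles, array $session, array $query, string $newName): int
{
    if (!isset($session['user_id'])) {
        return 401; // not logged in
    }
    $owner = (int)$session['user_id'];
    if (isset($query['uid']) && (int)$query['uid'] !== $owner) {
        return 403; // authenticated, but not authorized for this record
    }
    if (!isset($profiles[$owner])) {
        return 404; // session refers to a user that no longer exists
    }
    $profiles[$owner]['name'] = $newName;
    return 200;
}

// Constructed requests: user 1 is logged in.
$session = ['user_id' => 1];

// Unsafe handler accepts uid=2 from the URL and edits another user's row.
var_dump(updateProfileUnsafe($profiles, ['uid' => '2'], 'changed'));
$profiles[2]['name'] = 'bob'; // reset the sample data

// Safe handler: mismatching uid, matching uid, and no session at all.
var_dump(updateProfileSafe($profiles, $session, ['uid' => '2'], 'changed'));
var_dump(updateProfileSafe($profiles, $session, ['uid' => '1'], 'alice2'));
var_dump(updateProfileSafe($profiles, [], ['uid' => '1'], 'anything'));
var_dump($profiles);
```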