Hi,
I have a piece of server code include two parameters. One is token, and the other is user id. This code is used to query someone's own data in database, how to prevent user to pass an user id of the others, so he/she can easily see the data of the others.
If I can retrieve the user id that the token represented, I no longer need user to pass user id as a parameter. Is it possible for developer to retrieve the user info via a token string?