Using the session data is fine, but no need to put it as a hidden field, in fact that's a bad idea as anyone could look at source and see the users id or worse change their user id value with FireBug and add items to another users account.
Just inject the user_id into $this->data in the controller before saving. HTH, Paul @phpMagpie On Sep 18, 4:35 am, Media Affect <themediaaff...@gmail.com> wrote: > I am trying to determine the best way to grab out the signed in > user_id for adding items to another belongsto table. Is it ok to use > the session data for this? > > I could easily use this as a hidden field in the form data. > $session->read('Auth.User.id') ? > > But, does this belong in a controller? What is the best and most > secure way to do this? > > I have a Users table with id, name and password > I have a Authors table with id, user_id, address, city, state, zip > > Users won't be able to access each others account data. So after > baking the app I would remove the User.name dropdown. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php