Better way to identify a user in a url

Question

I have written this other question Is it secure to put the user id as a url parameter?

But I have doubts, I don't know in terms of security what is the best way to identify a user in a social network in a url so that it is bookmarkable.

For example:

https://url?user= user name + unique number
https://url?user= user id
https://url?user= unique nickname
¿any other?

The last one would be a unique nick name different from the Name and Surnames.

Well Facebook is using the following: www.facebook.com/Name.Surname.Unique Number - so I would assume it's a pretty good way to do it. — Danieboy, Jul 24 '16 at 16:06
I am thinking on using name.surname.uuid but uuid's are very large — Aliuk, Jul 24 '16 at 16:34
That's incredibly long for an ID. Maybe you should add some auto-incrementing ID for users that you only use for this purpose. — Danieboy, Jul 24 '16 at 16:42

score 0 · Answer 1 · answered Jul 24 '16 at 19:28

As long as the user's unique name is constant (and not changeable) , then you can very well use that in the URL, security is not concern here unless you don't reveal sensitive informations.

But if you don't have any unique names , then you can use any hashed form of Ids in the URL , from which you can able to identify the user, like:

site.com/user/hash(id) , something like that to get short urls , if Id is random you can use that too

Better way to identify a user in a url

1 Answers1