Lab: User ID controlled by request parameter, with unpredictable user IDs