When the user logs in, he or she is directed to user.php. Their user id is passed through a get parameter (Example: user.php?user=1). When they log in, a session value is set ($_SESSION[‘session_user_id’]). If the user id matches the session, then information is pulled from the database according to that user.
Now, is this an unsafe practice? Should there be a page or each user (Example: user/janedoe.php)? Or is this ok?