currently I am learning and following a chat app tutorial, for the match making situation, when I put two users (connectionUser, currentUser) into one chat room, my idea is make a roomId consist of two userId, and from client side when the state of user is chatting, he can remove himself from waitingRoomList.
Im not clear about security issue, is that possible, one hacker knows the fetched roomId and his own userId, so he also knows the connectionUserId, and then he purposely changed his Id to connectionUserId, so he has ability to remove any user from waitingRoomList?
