(is there any way that i can) be sure that a specific user is really the one that is logged in and not someone that has stolen the session or credentials to access his data?