A replacement for session variables

[Lamez]

ok, I am working on my ELC again, and I am working on the blacklisting part. Well I am tying to hide the url that is blacklisted, and if I use a session variable, then you can just look in your cookies and find the url. I am dealing with multiple pages, so I need a way to carry variables through different pages. How?

 

Thanks Guys!

[JasonLewis]

Huh? Isn't session data stored on the server? Clients have no access to session data, only to cookie data.

[Lamez]

Well I am fairly new to php, so I do not know. So if I set a session variable, there is no way a user can see its contents.

 

example

<?php
$_SESSION['var'] = "google.com";

echo $_SESSION['var'];

?>

so using something like that will not give a user access to the information that is stored in the session variable var?

[xtopolis]

Users cannot see $_SESSION contents unless you show it to them, or possibly your server crashes and outputs.

 

Your script will only show the user "google.com"

[JasonLewis]

Yeah, what xtopolis said. Cookie data is stored on the client machine and is viewable by clients, etc. Session data is stored on your server and cannot be accessed by clients. So it would be perfectly safe for you to use sessions.

[taith]

the only thing that sessions store on the computer, is a cookie,  with the session_id()... that cookie is read by the parsing generator, and looks in the protected file on the server to grab the information...

 

while the user can access the sessid... then have NO ACCESS to the session data, outside of when php's being parsed(your controls)...

[Lamez]

thanks guys for the information!