[SOLVED] Is $_SESSION['insertname'] saved server side or client side?


Fog Juice

I have a security question: is $_SESSION['insert value here'] saved on the server side or client side? Can a user ever edit or change a $_SESSION value? Can they ever see anyone else's $_SESSION value?

 

So for example, say a user logs in with $_SESSION['userid'], can that user ever change the $_SESSION['userid'] value to someone else's id?

 

Thanks in advance.

It's server side; it can't be changed by playing with the URL or whatever.

 

So there is absolutely no way client side can change it? Not even through dirty/hacked up browsers that are used to try and maliciously change code of websites?

Unless you allow it, it cannot be changed.

 

-If you have a form that sets a variable of $_SESSION['insert..'] then it's possible they can overwrite it if you allow them to access the form improperly.

-The same can be said if you check $_GET vars, etc.

 

So unless you leave a hole, no they can't change it.

 

 

However, if someone was to gain access to someone else's session, they would have their session values.
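
The hole described in the post above, as an added example that is not part of the original thread: a handler that copies request input into the session, next to one that sets $_SESSION['userid'] only after a server-side password check. The find_user() helper, the in-memory user table and the form field names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample user table; a real application would query its database.
function find_user(string $name): ?array
{
    static $users = null;
    $users ??= [
        'alice' => ['id' => 1, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)],
    ];
    return $users[$name] ?? null;
}

// The hole: the session value is copied from the request, so the client chooses it.
function login_vulnerable(array $post, array &$session): void
{
    if (isset($post['userid'])) {
        $session['userid'] = (int) $post['userid'];
    }
}

// Hardened: the id comes only from the server-side record, and only after
// the submitted password verifies against the stored hash.
function login_hardened(array $post, array &$session): bool
{
    $user = find_user((string) ($post['username'] ?? ''));
    $password = (string) ($post['password'] ?? '');
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    $session['userid'] = $user['id']; // any 'userid' field in the request is ignored
    return true;
}

// Plain arrays stand in for $_POST and $_SESSION so this runs from the CLI.
$request = ['username' => 'alice', 'password' => 'wrong', 'userid' => '2'];

$sessionA = [];
login_vulnerable($request, $sessionA);

$sessionB = [];
$accepted = login_hardened($request, $sessionB);

var_dump($sessionA, $accepted, $sessionB);
```

In a page handler the same functions would be called as login_hardened($_POST, $_SESSION) after session_start().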

How could someone get access to someone else's session? Other than holes on the form/using get... I am using post btw.

Really the only way someone could access someone else's session is if you store session info in a database as well. Even though even that would be unlikely they would be able to get a hold of the info.
