oni-kun Posted December 14, 2009 Share Posted December 14, 2009 I haven't really gotten into yet, but I was just thinking of something weird.. Lets say you have a session element $_SESSION['is_admin'].. Is that easy to modify the cookie or whatnot and change it to true? Or is it hashed or something weird or serverside.. I just never really thought about it before. Link to comment https://forums.phpfreaks.com/topic/185050-are-sessions-secure-at-all/ Share on other sites More sharing options...
PFMaBiSmAd Posted December 14, 2009 Share Posted December 14, 2009 You do understand that the $_SESSION variables are only present on the server? Only the session id (usually via a cookie) that identifies the corresponding session data is in the hands of the client. Link to comment https://forums.phpfreaks.com/topic/185050-are-sessions-secure-at-all/#findComment-976813 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.