oni-kun Posted December 14, 2009 Share Posted December 14, 2009 I haven't really gotten into yet, but I was just thinking of something weird.. Lets say you have a session element $_SESSION['is_admin'].. Is that easy to modify the cookie or whatnot and change it to true? Or is it hashed or something weird or serverside.. I just never really thought about it before. Quote Link to comment https://forums.phpfreaks.com/topic/185050-are-sessions-secure-at-all/ Share on other sites More sharing options...
PFMaBiSmAd Posted December 14, 2009 Share Posted December 14, 2009 You do understand that the $_SESSION variables are only present on the server? Only the session id (usually via a cookie) that identifies the corresponding session data is in the hands of the client. Quote Link to comment https://forums.phpfreaks.com/topic/185050-are-sessions-secure-at-all/#findComment-976813 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.