zero_ZX Posted July 4, 2010 Share Posted July 4, 2010 Hi, I have this login script, which stores the username in a session upon a successful login. I wondered if it was secure to do that? Can't the user just edit the username in the session and then be loggedin as another user or..? Link to comment https://forums.phpfreaks.com/topic/206710-would-this-be-secure/ Share on other sites More sharing options...
Alex Posted July 4, 2010 Share Posted July 4, 2010 No, the user can not edit session data which is stored on the server, as opposed to cookies which are stored client side. From what you've described there is nothing insecure there. Link to comment https://forums.phpfreaks.com/topic/206710-would-this-be-secure/#findComment-1081055 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.