vijdev Posted August 9, 2010 Share Posted August 9, 2010 after authenticating username and password,i have a parameter like: $_SESSION['logged']=1 should i be storing this as a cookie?..if yes, then can anyone modify cookie, to have this parameter as "1", and gain access? Quote Link to comment Share on other sites More sharing options...
gizmola Posted August 9, 2010 Share Posted August 9, 2010 No, you should use sessions. Sessions already default to using cookies to pass the session id between requests, but the session data remains on the server, so there's no way the user can tamper with it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.