3raser Posted May 4, 2012 Share Posted May 4, 2012 Is it possible to manually edit a SESSION (not cookie) from client side? Sort of how a user can easily edit a cookie's value. Quote Link to comment https://forums.phpfreaks.com/topic/262052-manually-edit-session/ Share on other sites More sharing options...
kicken Posted May 4, 2012 Share Posted May 4, 2012 The actual data stored in the session is saved on the server, and the users cannot see or change it. The only thing they can access is the session ID value which is stored in a cookie on their end. They could modify this, but unless the know another valid ID changing it would most like just cause them to start a new blank session. You might want to read a little bit about Session Hijacking. Quote Link to comment https://forums.phpfreaks.com/topic/262052-manually-edit-session/#findComment-1342915 Share on other sites More sharing options...
scootstah Posted May 4, 2012 Share Posted May 4, 2012 You might want to read a little bit about Session Hijacking. Here is an excellent article for that: http://phpsec.org/projects/guide/4.html Quote Link to comment https://forums.phpfreaks.com/topic/262052-manually-edit-session/#findComment-1342972 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.