3raser Posted May 4, 2012 Share Posted May 4, 2012 Is it possible to manually edit a SESSION (not cookie) from client side? Sort of how a user can easily edit a cookie's value. Link to comment https://forums.phpfreaks.com/topic/262052-manually-edit-session/ Share on other sites More sharing options...
kicken Posted May 4, 2012 Share Posted May 4, 2012 The actual data stored in the session is saved on the server, and the users cannot see or change it. The only thing they can access is the session ID value which is stored in a cookie on their end. They could modify this, but unless the know another valid ID changing it would most like just cause them to start a new blank session. You might want to read a little bit about Session Hijacking. Link to comment https://forums.phpfreaks.com/topic/262052-manually-edit-session/#findComment-1342915 Share on other sites More sharing options...
scootstah Posted May 4, 2012 Share Posted May 4, 2012 You might want to read a little bit about Session Hijacking. Here is an excellent article for that: http://phpsec.org/projects/guide/4.html Link to comment https://forums.phpfreaks.com/topic/262052-manually-edit-session/#findComment-1342972 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.