session variable php login realm -
I wonder if it is possible to change / set / delete your session variable as a user.
I am thinking again how to login in PHP. The way I am doing this now is that I check whether a certain session variable is set or not. However, it can break if someone can change their session variables.
Given that you do not want a user to actively change this data, The law / form (inadvertently or actively) is not They should not be able to change their username etc.
Since the session data is stored on the server, yes, they will work hard to set themselves up. If register_globals are on, this may be a possibility, but for this other conditions will also need to be corrected
But not entirely, no user can not change session data by then Until you give them the means.
Comments
Post a Comment