/    Sign up×
Community /Pin to ProfileBookmark

Session security?

Copy linkTweet thisAlerts:
Jun 01.2007

Hi

If I set this session variable when a successful login to my site has been done:

[code=php]$_SESSION[“is_logged_in”] = 1;[/code]

and use this to see if the visitor has logged in on all pages. Is it possible for someone to set this without it being set by the server/my web page? I don’t know, open/create a file locally and set the variable somehow?

Thanks
Lubox

to post a comment
PHP

1 Comments(s)

Copy linkTweet thisAlerts:
@bokehJun 01.2007 — Is it possible for someone to set this without it being set by the server/my web page?[/QUOTE]In certain cases yes. Personally I would use a boolean and the identicality operator. Also be careful with anything that loads session variables dynamically.
×

Success!

Help @Lubox spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.19,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...