08-05-2007, 01:38 PM
I 've created a table named "users" in a database which includes several fields (id, username, password and level are the important ones) and I was wondering which of these 4 values I should store in $_SESSION. For example, if I store the level of a user that visits my website and he change that value after editing the cookie I send him, could he gain privileges that he shouldn 't have? Would a solution to that problem be confirming the data stored in $_SESSION with those in the database? And if yes, is this the aproppriate way of solving that problem? Thnx in advance.