Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    New to the CF scene
    Join Date
    Jan 2007
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Values stored in $_SESSION / security

    I 've created a table named "users" in a database which includes several fields (id, username, password and level are the important ones) and I was wondering which of these 4 values I should store in $_SESSION. For example, if I store the level of a user that visits my website and he change that value after editing the cookie I send him, could he gain privileges that he shouldn 't have? Would a solution to that problem be confirming the data stored in $_SESSION with those in the database? And if yes, is this the aproppriate way of solving that problem? Thnx in advance.

  • #2
    Regular Coder
    Join Date
    Jul 2007
    Location
    United Kingdom
    Posts
    159
    Thanks
    2
    Thanked 15 Times in 15 Posts
    As far as I am aware you cannot forge a session or modify it externally. So generally the user level stored in the session would always be correct, but if you definitely want to be secure then checking the session variable with the database would be fine.


    ~Jordan


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •