Hello I am currently using Sessions to store the logged on user. An example of what I am doing is, ff the user eqauls "Noah" then the user has more access on a page.
Are Session variables safe? Or can they be manipulated?
Printable View
Hello I am currently using Sessions to store the logged on user. An example of what I am doing is, ff the user eqauls "Noah" then the user has more access on a page.
Are Session variables safe? Or can they be manipulated?
Session variables cannot be directly manipulated. Sessions themselves can be 'hijacked' through various means. Make sure you have no CSRF or CSS vulnerabilities in your code.