
Bad handling of PHP sessions variables?

I'm currently using the following code in my CMS to check if the visitor is logged in as admin so that he can edit the current page:

if($_SESSION['admin']=="1")
{
        // Single-quoted string, so the double quotes around the href value do not end it
        echo '<a href="foobar/?update">edit</a>';
}

But I'm worried that the code is unsafe. Can't $_SESSION variables easily be modified by the user?

What would be a safer practice?

AquinasTub asked Dec 31 '22 00:12


1 Answer

No, that's a good way to do it. The user can't modify the $_SESSION global, unless he has access to your server. Remember to stay away from client-side cookies.

To make it even more safe, a good way is to store the IP address and check that it stays the same between every request.

alexn answered Jan 10 '23 14:01
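
The IP check described in the answer, as an added example (not code from the question or the answer). The function names `admin_login` and `is_admin` and the `ip` session key are hypothetical; the helpers take the session array and client address as parameters so they can be run from the command line with constructed values.

```php
<?php
declare(strict_types=1);

// Call once, right after the admin's credentials have been verified.
// In a web request: session_start(); session_regenerate_id(true);
//                   admin_login($_SESSION, $_SERVER['REMOTE_ADDR']);
function admin_login(array &$session, string $clientIp): void
{
    $session['admin'] = '1';
    $session['ip'] = $clientIp; // server-side record of the login address
}

// Call on every request before printing admin-only markup.
// In a web request: is_admin($_SESSION, $_SERVER['REMOTE_ADDR'])
function is_admin(array &$session, string $clientIp): bool
{
    // Not logged in at all (also avoids an undefined-index notice).
    if (($session['admin'] ?? null) !== '1') {
        return false;
    }
    // Address differs from the one stored at login: clear the
    // session data so the visitor has to log in again.
    if (!hash_equals((string) ($session['ip'] ?? ''), $clientIp)) {
        $session = [];
        return false;
    }
    return true;
}

// Constructed demonstration values (documentation-range addresses).
$session = [];
admin_login($session, '203.0.113.10');

var_dump(is_admin($session, '203.0.113.10')); // request from the login address
var_dump(is_admin($session, '198.51.100.7')); // request from another address
var_dump(is_admin($session, '203.0.113.10')); // session data was cleared above

if (is_admin($session, '203.0.113.10')) {
    echo '<a href="foobar/?update">edit</a>';
}
```

Visitors whose address legitimately changes between requests (mobile networks, some proxies) will be asked to log in again under this check.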