I'm currently using the following code in my CMS to check if the visitor is logged in as admin so that he can edit the current page:
if ($_SESSION['admin'] == "1")
{
    // single quotes around the string so the double quotes in the HTML attribute do not end the PHP string
    echo '<a href="foobar/?update">edit</a>';
}
But I'm worried that the code is unsafe. Can't $_SESSION variables easily be modified by the user?
What would be a safer practice?
No, that's a good way to do it. The user can't modify the $_SESSION global unless he has access to your server. Remember to stay away from client-side cookies.
To make it even safer, a good way is to store the IP address and check that it stays the same between every request.
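Here is how the check above fits into a complete login/check flow, as an added example that is not part of the question or the answer. The browser only ever holds the session ID cookie; the values in $_SESSION live on the server, which is why the check is trustworthy. The example also shows the IP binding the answer proposes, along with the caveat that it mostly affects legitimate users whose address changes (mobile networks, rotating proxies) rather than an attacker who has already stolen the cookie. The function names, the `login_ip` key and the `foobar/?update` handler are assumptions for illustration.

```php
<?php
// Added example, not code from the original question or answer.
// Assumes a login handler that has already verified the credentials
// (e.g. with password_verify()) and a page that shows the edit link to admins.

declare(strict_types=1);

// Harden the session cookie before the session starts. The cookie carries only
// an opaque session ID, so these flags limit how that ID could be stolen.
session_set_cookie_params([
    'httponly' => true,  // not readable by JavaScript
    'secure'   => true,  // only sent over HTTPS
    'samesite' => 'Lax', // not sent on most cross-site requests
]);
session_start();

/**
 * Call this after the credentials have been verified.
 * Regenerating the ID prevents session fixation: a session ID an attacker
 * planted in the victim's browser before login must not become an admin session.
 */
function loginAsAdmin(string $username): void
{
    session_regenerate_id(true);
    $_SESSION['admin']    = true;
    $_SESSION['user']     = $username;
    $_SESSION['login_ip'] = $_SERVER['REMOTE_ADDR'] ?? ''; // hypothetical key name
}

/**
 * The check from the question, with a strict comparison against a boolean
 * that only loginAsAdmin() sets. Nothing sent by the browser can set it.
 */
function isAdmin(): bool
{
    return ($_SESSION['admin'] ?? false) === true;
}

/**
 * Optional binding of the session to the client IP, as the answer suggests.
 * Caveat: users on mobile networks or behind rotating proxies change address
 * mid-session and get logged out; an attacker on the same NAT is not stopped.
 */
function sessionIpMatches(): bool
{
    $current = $_SERVER['REMOTE_ADDR'] ?? '';
    return isset($_SESSION['login_ip'])
        && hash_equals($_SESSION['login_ip'], $current);
}

function logout(): void
{
    $_SESSION = [];
    session_destroy();
}

if (isAdmin() && sessionIpMatches()) {
    echo '<a href="foobar/?update">edit</a>';
} elseif (isAdmin()) {
    logout(); // IP changed since login: drop the privileged session
}

// The link is only a convenience for the user. The handler behind foobar/?update
// must call isAdmin() itself, because anyone can type that URL directly.
```

The last comment is the part that matters most in practice: hiding the link is not access control. Every request that performs the edit has to repeat the `isAdmin()` check on the server, since an attacker can simply request `foobar/?update` without ever seeing the link.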