Possible Duplicate:
PHP Can a client ever set $_SESSION variables?
What I'd like to know is whether a PHP $_SESSION variable can be changed on the client side. If, for example, I do $_SESSION['username'] = $username;
Can someone somehow change the value of my $_SESSION['username'] variable?
Update Session Variable in PHP: To update any value stored in the session variable, start the session by calling the session_start() function and then simply overwrite the value to update the session variable.
Yes, the session can be manipulated by a user client side. First of all, I suggest you use HTTPS and not HTTP. Next, you can use tokens with a time limit for each operation you do.
Cookies and sessions are both vitally important since they record the data that the user has provided for a variety of purposes. Cookies and Sessions are used to store information. Cookies are only stored on the client-side machine, while sessions get stored on the client as well as the server.
Session variables can be accessed on the client side. For example you could check the value by calling: alert('<%=Session["RegisterId"] %>'); Anything between the "<%" and "%>" runs at the server so it will evaluate the current value of the session.
The contents of the SESSION superglobal cannot be changed. This lives on the server and the client has no way to access this.
However, a session id is passed to the client so that when the client contacts the server the server knows which session to use.
This value could be changed (see Calum's answer for preventing this; see http://php.net/manual/en/session.security.php for information), which would allow a user to use someone else's session (but not change the value of the session).
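An added example, not part of the original answer: one way to protect the session id, the only part of the session the client holds, using the settings described on the php.net session security page. The function names start_hardened_session(), login_user() and current_user() and the 30-minute lifetime are assumptions made for illustration; the array form of session_set_cookie_params() assumes PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Added example: function names and the timeout value are hypothetical.

function start_hardened_session(): void
{
    // Reject session ids the server did not issue (blocks attacker-chosen ids).
    ini_set('session.use_strict_mode', '1');
    // Accept the id only from the cookie, never from a URL parameter.
    ini_set('session.use_only_cookies', '1');

    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends when the browser closes
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',   // not sent on most cross-site requests
    ]);
    session_start();
}

function login_user(string $username): void
{
    // Issue a fresh id at the privilege change; true removes the old session.
    session_regenerate_id(true);
    // These values are written to server-side storage, never to the client.
    $_SESSION['username']  = $username;
    $_SESSION['issued_at'] = time();
}

function current_user(int $maxAgeSeconds = 1800): ?string
{
    if (!isset($_SESSION['username'], $_SESSION['issued_at'])) {
        return null;           // no authenticated session
    }
    if (time() - $_SESSION['issued_at'] > $maxAgeSeconds) {
        // Expired: clear the data and drop the server-side session.
        $_SESSION = [];
        session_destroy();
        return null;
    }
    return $_SESSION['username'];
}
```

Call start_hardened_session() before any output on every request, and login_user() only after the credentials have been verified.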