Is it possible for a malicious user to set the $_SESSION (in PHP) variable to any value he wants?
Session variables on the client are read-only. They cannot be modified. In order to change the value of a session variable, an Ajax Callback is required. Similarly, if a session variable changes on the server, it will not be updated on the client until an Ajax Callback is made from the client.
To update any value stored in the session variable, start the session by calling the session_start() function and then simply overwrite the value to update the session variable. We just updated the value of userid in the session variable from 1 to 1111.
Session information is stored on the server. That means the user cannot change it.
Double-click a cell in the Key or Value column to edit that key or value.
Highly depends on your code. Something very obvious: $_SESSION['username'] = $_REQUEST['username'].
Yes, by using another user's session data, as shown here: http://phpsec.org/projects/guide/4.html
It depends on how you set the session variables. A user can exploit the way you set them.
The most common attack with sessions is session fixation: http://en.wikipedia.org/wiki/Session_fixation
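The two points raised in the answers above (request data copied straight into $_SESSION, and session fixation), shown as an added example that is not code from any of the answers. The function names, the demo_users() store and the sample account are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample account store (assumption); a real application
// would look the user up in its own database.
function demo_users(): array
{
    static $users = null;
    $users ??= ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    return $users;
}

// Pattern quoted in the answer above: the client chooses the identity.
function login_vulnerable(array $request): void
{
    $_SESSION['username'] = $request['username'] ?? '';
}

// Hardened form: the session value is written only after the server has
// verified the credentials, and the session ID is replaced at login so an
// ID planted before authentication (session fixation) stops being valid.
function login_hardened(array $request): bool
{
    $name = $request['username'] ?? null;
    $pass = $request['password'] ?? null;
    if (!is_string($name) || !is_string($pass)) {
        return false;                       // rejects array-valued parameters
    }
    $hash = demo_users()[$name] ?? null;
    if ($hash === null || !password_verify($pass, $hash)) {
        return false;
    }
    session_regenerate_id(true);            // new ID, old session file deleted
    $_SESSION['username'] = $name;          // server-verified value only
    return true;
}

// Strict mode makes PHP refuse session IDs it did not issue itself.
session_start(['use_strict_mode' => 1, 'use_only_cookies' => 1, 'cookie_httponly' => 1]);

// Constructed requests standing in for $_REQUEST.
login_vulnerable(['username' => 'admin']);
$spoofed = $_SESSION['username'];           // identity taken from client input
unset($_SESSION['username']);
$rejected = login_hardened(['username' => 'admin', 'password' => 'guess']);
$accepted = login_hardened(['username' => 'alice', 'password' => 'correct horse']);
var_dump($spoofed, $rejected, $accepted, $_SESSION['username']);
```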