As I understand it a session is stored on the server side only. User id (or session id) for the session is stored in a cookie or url. So, a user, even if he or she is a super hacker, cannot locally change any $_SESSION
variables that I use on my site except the session id or the user id?
In most setups, the session's data is stored on the server and its identifier is stored in a cookie. If you haven't played around with settings or custom session handlers, this will be how it is for you.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With