Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

PHP $_SESSION is server side or local?

Tags:

php

session

As I understand it a session is stored on the server side only. User id (or session id) for the session is stored in a cookie or url. So, a user, even if he or she is a super hacker, cannot locally change any $_SESSION variables that I use on my site except the session id or the user id?

like image 382
JohnA Avatar asked Dec 28 '11 00:12

JohnA


1 Answers

In most setups, the session's data is stored on the server and its identifier is stored in a cookie. If you haven't played around with settings or custom session handlers, this will be how it is for you.

like image 161
alex Avatar answered Sep 20 '22 15:09

alex