How do I stop someone changing their Cookie?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: How do I stop someone changing their Cookie?

Post by simonmlewis »

And then for admin pages I just say:

Code: Select all

<?php
if (isset($_SESSION["loggedin"])) {
        $email = $_SESSION["email"];
        $firstname = $_SESSION["firstname"];
        $userrole = $_SESSION["userrole"];

if($userrole == "administrator") { echo "Yes you can edit";}
}
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: How do I stop someone changing their Cookie?

Post by requinix »

Basically, yes.
simonmlewis
DevNet Master
Posts: 4435
Joined: Wed Oct 08, 2008 3:39 pm
Location: United Kingdom
Contact:

Re: How do I stop someone changing their Cookie?

Post by simonmlewis »

Think I've got it.
So when I now do "show cookies", I can see PHPSESSID in Firefox's cookies, but no data, no names. So much safer and more secure.
Just toying around with things at the moment, but it does give me more confidence at it.

I always thought Cookies were the best way to store logins, but clearly not. Thanks.
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
Post Reply