
Re: How do I stop someone changing their Cookie?

Posted: Tue Dec 03, 2013 1:45 pm
by simonmlewis
And then for admin pages I just say:

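Code:

<?php
// Resume the session so $_SESSION is populated (skipped if an include already did).
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}
// These values live on the server; the browser only holds the session ID.
if (isset($_SESSION["loggedin"])) {
    $email = $_SESSION["email"];
    $firstname = $_SESSION["firstname"];
    $userrole = $_SESSION["userrole"];

    // Strict comparison avoids PHP's loose type juggling.
    if ($userrole === "administrator") {
        echo "Yes you can edit";
    }
}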

Re: How do I stop someone changing their Cookie?

Posted: Tue Dec 03, 2013 2:33 pm
by requinix
Basically, yes.

Re: How do I stop someone changing their Cookie?

Posted: Wed Dec 04, 2013 4:13 am
by simonmlewis
Think I've got it.
So when I now do "show cookies", I can see PHPSESSID in Firefox's cookies, but no data, no names. So much safer and more secure.
Just toying around with things at the moment, but it does give me more confidence in it.

I always thought Cookies were the best way to store logins, but clearly not. Thanks.
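
Added example, not part of the thread or the posters' code: the pattern the thread arrives at, where the browser holds only PHPSESSID and the role stays in server-side $_SESSION, with the session cookie restricted and the ID regenerated at login. The function names start_secure_session, log_in and require_role are hypothetical; PHP 7.3 or later and an HTTPS site are assumed.

```php
<?php
// Added example. Function names are hypothetical; the session keys
// match the ones used in the thread. Assumes PHP 7.3+ and HTTPS.

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // The browser only ever holds the session ID; restrict how that cookie travels.
    session_set_cookie_params([
        'lifetime' => 0,      // session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => true,   // only sent over HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    // Reject session IDs that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    session_start();
}

// Call only after the password has been verified (e.g. with password_verify()).
function log_in(string $email, string $firstname, string $userrole): void
{
    start_secure_session();
    // New ID at the privilege change; the old session file is deleted.
    session_regenerate_id(true);
    $_SESSION['loggedin']  = true;
    $_SESSION['email']     = $email;
    $_SESSION['firstname'] = $firstname;
    $_SESSION['userrole']  = $userrole; // taken from the database, never from the request
}

// Guard for the top of an admin page: stop the request unless the role matches.
function require_role(string $role): void
{
    start_secure_session();
    $ok = !empty($_SESSION['loggedin'])
        && isset($_SESSION['userrole'])
        && $_SESSION['userrole'] === $role;
    if (!$ok) {
        http_response_code(403);
        exit('Forbidden');
    }
}
```

An admin page would call require_role('administrator') before producing any output, so a request without a matching server-side session ends with a 403 instead of silently skipping the edit controls.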