Is it smart enough to use session ID to identify user?
Posted: Sun May 21, 2006 6:25 pm
Is it smart enough to use session ID to identify user when he wants to change his user details?
For example, if I read the username value from the cookie and then allow the user to change data on his page, can someone else put some username in a cookie on their machine and then modify other people's info?
I was thinking about storing the session info in the table and then comparing whether the username in the cookie matches the active session ID I have in the table.
What do you guys think?
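An added example, not part of the original post: a sketch of the session-table approach the question describes, taken one step further so that the account being edited comes only from the server-side session row and any `username` cookie is ignored. The cookie names, the in-memory dictionaries standing in for database tables, the 30-minute lifetime and all function names are assumptions made for illustration.

```python
import hashlib
import secrets
import time

SESSION_TTL = 1800  # seconds; assumed lifetime for this sketch

# Stand-ins for database tables (constructed sample data).
sessions = {}  # sha256(session token) -> (username, expiry timestamp)
profiles = {"alice": {"email": "alice@example.test"},
            "bob": {"email": "bob@example.test"}}

def key_for(token):
    # Store only a hash, so a leaked session table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def login(username, now=None):
    """Call only after the password check has succeeded; returns the cookie value."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # unguessable, unlike a username
    sessions[key_for(token)] = (username, now + SESSION_TTL)
    return token

def current_user(cookies, now=None):
    """Resolve the caller from the session table; client-supplied names are never read."""
    now = time.time() if now is None else now
    token = cookies.get("session_id")
    if not token:
        return None
    row = sessions.get(key_for(token))
    if row is None:
        return None  # unknown or forged session ID
    username, expires = row
    if now >= expires:
        del sessions[key_for(token)]  # expired sessions are dropped on sight
        return None
    return username

def update_email(cookies, new_email, now=None):
    """Change the e-mail of whoever owns the session, regardless of other cookies."""
    user = current_user(cookies, now)
    if user is None:
        return False
    profiles[user]["email"] = new_email
    return True
```

With this layout a request carrying a made-up `username` cookie can only ever modify the profile tied to its own valid session ID.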