Is there any risk in storing a monetary value in a Session variable? I'm working on a voucher scheme and want to take an amount off a total at checkout and wasn't sure if it was okay to do it this way rather than deduct the value by using the field in the database with that value stored in it. I will kill the session once done but wanted to know of any pitfalls there might be.
Thanks
Session Variable question
Moderator: General Moderators
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: Session Variable question
The risk of storing variables in the session is that someone could access the stored values. This is mostly of concern on shared hosting when using file based sessions.
(#10850)