Session security question
- JonnySnip3rz
- Forum Newbie
- Posts: 4
- Joined: Sat Apr 17, 2010 8:28 am
Session security question
Hey guys, I'm pretty new to PHP programming so no flaming haha! I know that sessions are stored on the server, however I'm wondering this. I have created a login and a while loop pulls the info from the database where username = username blah blah. Anyway, I store various information in sessions: I store the user's Full Name, User's Email, Username and their rank. If their rank is 0 then they are a standard member, else admin. Now, can a user change their session values so they could change it to maybe 1 and then they would have admin status? Is this safe or is there a better way of doing this?
Hope someone can help thanks
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: Session security question
You could set the rank of admin (or normal user) in a database and with each 'authorization' check see if the value retrieved from the database matches the value set in a session variable. In the event of someone tampering with the value and if a match between database value and session variable cannot be found, you inform the user.
Naturally this wouldn't be the only check but an additional precaution against such tampering.
Code:
<?php
// retrieve value from database
if ($_SESSION['rank'] != $rankFromDatabase) {
    // do something
}
?>
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
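The check described in the reply above, carried through as an added example that is not part of the original thread or written by either poster. The `users` table, its `user_rank` column, the helper names `rankFromDatabase()` and `isAdmin()`, and the in-memory SQLite database (needs the pdo_sqlite extension) are assumptions for illustration; `$session` stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added example: table, column and function names are assumptions, not the posters' code.

// Constructed sample data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, user_rank INTEGER NOT NULL)');
$db->exec("INSERT INTO users VALUES ('alice', 1), ('bob', 0)");

// Look up the authoritative rank; null when the account does not exist.
function rankFromDatabase(PDO $db, string $username): ?int
{
    $stmt = $db->prepare('SELECT user_rank FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $rank = $stmt->fetchColumn();
    return $rank === false ? null : (int) $rank;
}

// Admin only when the session rank matches the database rank and that rank is 1.
// Any mismatch (stale or altered session value) clears the session and denies access.
function isAdmin(PDO $db, array &$session): bool
{
    if (!isset($session['username'], $session['rank'])) {
        return false;
    }
    $dbRank = rankFromDatabase($db, (string) $session['username']);
    if ($dbRank === null || (int) $session['rank'] !== $dbRank) {
        $session = []; // force a fresh login
        return false;
    }
    return $dbRank === 1;
}

// Constructed session contents covering the match and mismatch cases.
$cases = [
    'admin, values match'  => ['username' => 'alice', 'rank' => 1],
    'member, values match' => ['username' => 'bob',   'rank' => 0],
    'member, rank altered' => ['username' => 'bob',   'rank' => 1],
    'account removed'      => ['username' => 'carol', 'rank' => 1],
];
foreach ($cases as $label => $session) {
    printf("%-22s => %s\n", $label, isAdmin($db, $session) ? 'admin' : 'denied');
}
```

Only the first case is reported as admin; the other three are denied, and the last two also have their session emptied.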
- JonnySnip3rz
- Forum Newbie
- Posts: 4
- Joined: Sat Apr 17, 2010 8:28 am
Re: Session security question
Thanks dude for the reply!