Is it secure to pass sensitive info thru session variables?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
girishsonar
Forum Newbie
Posts: 1
Joined: Tue Mar 03, 2015 11:24 pm

Is it secure to pass sensitive info thru session variables?

Post by girishsonar »

I am trying to pass username and password and also userid thru session variables. However before sending i am encrypting it. Is it possible that this info be intervened? Is it secure?
Else what is most secure method?
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Is it secure to pass sensitive info thru session variabl

Post by Celauran »

Sessions are stored server side, which helps. You probably don't want to be passing people's passwords around.
Post Reply