Page 1 of 1

session variables and security!

Posted: Thu Apr 06, 2006 1:54 am
by aigarzzz
i must make web site with high security level and i wanted to know how secure are session varibles?
After user logon i make some $_SESSION where i define user statuss, for example $_SESSION['hasModerationRights']. In every php page i put in the first line:
if($_SESSION['hasModerationRights']!=1) die();
or

if($_SESSION['hasModerationRights']==1)
{
print secure info through OOP function
}

If there is possibilities how malicious site user who has $_SESSION['hasModerationRights']==0 could make this session varible to 1?

Posted: Thu Apr 06, 2006 2:09 am
by feyd
they are as secure as whether your session files are stored as files and whether your server is a shared host and/or how secure your server is.