session variables and security!
Posted: Thu Apr 06, 2006 1:54 am
I must make a web site with a high security level, and I wanted to know: how secure are session variables?
After the user logs on I set some $_SESSION values where I define the user's status, for example $_SESSION['hasModerationRights']. In every PHP page I put on the first line:
if ($_SESSION['hasModerationRights'] != 1) die();
or
if ($_SESSION['hasModerationRights'] == 1)
{
    // print secure info through OOP function
}
Are there any ways a malicious site user who has $_SESSION['hasModerationRights']==0 could set this session variable to 1?
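The login-then-check pattern described in the post, as an added example (not the original poster's code). The function names are hypothetical, and it assumes PHP 7.3 or later, the default server-side session storage, and a site served over HTTPS. With that storage the browser holds only the session ID, so the guard is paired with settings that protect the ID.

```php
<?php
// Added example; start_secure_session(), on_login_success() and
// require_moderator() are hypothetical names, not from the original post.
declare(strict_types=1);

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1');   // reject session IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept the session ID from the URL
    session_set_cookie_params([
        'httponly' => true,   // keep the cookie out of reach of page JavaScript
        'secure'   => true,   // assumption: HTTPS only
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call once, after the credentials have been verified.
function on_login_success(bool $isModerator): void
{
    start_secure_session();
    session_regenerate_id(true);  // fresh ID at the privilege change; the pre-login ID is discarded
    // The flag is derived on the server, never copied from request input.
    $_SESSION['hasModerationRights'] = $isModerator ? 1 : 0;
}

// Call on the first line of every protected page.
function require_moderator(): void
{
    start_secure_session();
    // A missing key and any value other than integer 1 are both denied.
    if (($_SESSION['hasModerationRights'] ?? 0) !== 1) {
        http_response_code(403);
        exit;
    }
}
```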