session variables and security!

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

aigarzzz
Forum Newbie
Posts: 9
Joined: Thu Apr 06, 2006 1:43 am

session variables and security!

Post by aigarzzz »

I must make a web site with a high security level, and I wanted to know how secure session variables are.
After user logon I make some $_SESSION variables where I define user status, for example $_SESSION['hasModerationRights']. In every PHP page I put in the first line:
if($_SESSION['hasModerationRights']!=1) die();
or

if($_SESSION['hasModerationRights']==1)
{
    // print secure info through OOP function
}

Is there any possibility that a malicious site user who has $_SESSION['hasModerationRights']==0 could set this session variable to 1?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

They are as secure as whether your session files are stored as files and whether your server is a shared host and/or how secure your server is.
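
An added example, not code posted by anyone in this thread: one way to keep file-based session data out of a shared directory and to check the flag from the question strictly. The directory path and the function names are hypothetical, and the code assumes the PHP process can create and own that directory.

```php
<?php
// Added example, not from the thread. SESSION_DIR and the three helper
// functions below are hypothetical names chosen for illustration.
const SESSION_DIR = '/var/lib/php-sessions/example-app'; // assumed path, outside the web root

function start_private_session(): void
{
    // On a shared host the default save path is often a temp directory that
    // other accounts can read or write. Use a directory only this account owns.
    if (!is_dir(SESSION_DIR) && !mkdir(SESSION_DIR, 0700, true)) {
        throw new RuntimeException('cannot create session directory');
    }
    clearstatcache(true, SESSION_DIR);
    if ((fileperms(SESSION_DIR) & 0077) !== 0) {
        // Group or other has some access: refuse to store session data here.
        throw new RuntimeException('session directory is accessible to group/other');
    }
    // These settings must be applied before session_start().
    ini_set('session.save_path', SESSION_DIR);
    ini_set('session.use_strict_mode', '1');  // reject session IDs the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept the session ID from the URL
    session_start();
}

function login_user(bool $isModerator): void
{
    // Issue a fresh session ID when privileges change and delete the old file,
    // so an ID known before login does not carry the new rights.
    session_regenerate_id(true);
    $_SESSION['hasModerationRights'] = $isModerator ? 1 : 0;
}

function require_moderator(): void
{
    // Strict comparison; a missing key counts as "no rights" and raises no notice.
    if (($_SESSION['hasModerationRights'] ?? 0) !== 1) {
        http_response_code(403);
        exit;
    }
}
```

The value of $_SESSION['hasModerationRights'] lives only in the server-side session file, so the permissions on that directory decide who besides the application can read or change it.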