Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am wondering whether its possible to change/set/delete my session variable AS A USER.
I am re-thinking the way that I do login realm in PHP. The way that I do it now is that I check whether a certain session variable is set or not. However, this would break if someone can just change his/her session variable.
Given that you do not have a method / form (inadvertently or actively) to allow the user to actively change this data, no. They should not be able to change their username etc.
Since session data is stored on the server, yea, they would be hard set to set this themselves. If register_globals is turned on, this might be a possibility, but that would also require other circumstances to be true.
But in the whole, no, a user should not be able to change the session data unless you provide them a means to.