I don’t want to let the user edit some unique ids when I pass them through $_POST, so I’m using $_SESSION instead, because as far as I know, a session cannot be edited.
Is that a good & safe solution?
Of course I’m unsetting it after reading.
I want to be sure, so that’s why I’m asking.
Some code where I’m doing it:
session_start(); // required before $_SESSION can be read or written
if(!isset($_POST['save'])) {
$posts = $_POST['special_ids'];
[..]
$_SESSION['posts'] = $posts;
echo '<input type="hidden" name="save" value="1"/><input type="submit" value="Submit!"/>';
[..]
} elseif(isset($_REQUEST['save'])) {
//then I'm reading the $posts
$posts = array($_SESSION['posts']);
[...] //doing what I need with it.
unset($_SESSION['posts']);
}
If you define the values on the server and don’t want to allow the end user to edit them, it is definitely safer to use $_SESSION rather than sending them to the client and getting them back again, as, yes, they could have been tampered with.
It’s not possible, short of server vulnerabilities, for a client to alter their session values directly.
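The two-step flow from the question, written out as an added example (this is not the poster's code or the answerer's). The session protects the values between step 1 and step 2, but it only carries forward what step 1 put there, and in the question step 1 takes the ids from $_POST, so they are client-supplied at that point. The example therefore vets the incoming selection against a server-side allowlist before storing it, reads only the session in step 2, and unsets the entry so a replayed submit does nothing. $allowedIds (standing in for a database lookup) and savePosts() are hypothetical placeholders.

```php
<?php
// Added example, not the original poster's code.
// Assumptions (hypothetical): $allowedIds stands in for a database lookup of
// the ids this user is permitted to act on; savePosts() is a placeholder.

session_start();

// Constructed sample: the ids the server says this user may select.
$allowedIds = [101, 102, 103];

function savePosts(array $ids): void
{
    // Placeholder for the real work (hypothetical).
    foreach ($ids as $id) {
        // ...
    }
}

if (!isset($_POST['save'])) {
    // Step 1: the selection arrives from the client, so it is untrusted.
    // Coerce to int and keep only ids present in the server-side allowlist.
    $selected = isset($_POST['special_ids']) ? (array) $_POST['special_ids'] : [];
    $selected = array_values(array_intersect(array_map('intval', $selected), $allowedIds));

    // Keep the vetted ids server-side; the client never sends them again,
    // so there is nothing for it to tamper with on the next request.
    $_SESSION['posts'] = $selected;

    echo '<form method="post">'
       . '<input type="hidden" name="save" value="1"/>'
       . '<input type="submit" value="Submit!"/>'
       . '</form>';
} else {
    // Step 2: read the ids from the session only, never from the request.
    $posts = $_SESSION['posts'] ?? [];
    unset($_SESSION['posts']); // one-shot: a second submit finds nothing to save

    if ($posts === []) {
        http_response_code(400);
        exit('Nothing to save.');
    }

    savePosts($posts);
}
```

In step 1 the check against $allowedIds is what actually decides which ids the user may act on; $_SESSION then just carries that decision to step 2 without a round trip through the browser. Reading $_POST['save'] rather than $_REQUEST['save'] keeps the save step from being triggered by a plain GET link.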