If (for argument sake) ‘admin-access’ was granted in php with: if (isset($_SESSION[‘admin’])) // this

Question

0

Asked: June 3, 20262026-06-03T20:24:35+00:00 2026-06-03T20:24:35+00:00

If (for argument sake) ‘admin-access’ was granted in php with: if (isset($_SESSION[‘admin’])) // this

0

If (for argument sake) ‘admin-access’ was granted in php with:

if (isset($_SESSION['admin']))  // this session would be set
{ // grant access; }            // after a successful login
else { //redirect ;}

Would this be a particularly easy thing to bypass and fake, if you knew what the name of the session is (in this case it is admin)?

In other words, can someone easily fake a $_SESSION, if all a script calls for is the session to be ‘set’?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-03T20:24:38+00:00

Editorial Team

2026-06-03T20:24:38+00:00Added an answer on June 3, 2026 at 8:24 pm

Using isset() is not bad for security. It depends on your logic that how you use it. It will be good if you not only check isset() but also its value.

For Example:

if( isset($_SESSION['admin']) && $_SESSION['admin'] == true ) { 
  // grant access
} else { 
  //redirect 
}

Or something like this:

if( isset($_SESSION['admin']) && $_SESSION['admin'] == '1' ) { 
  // grant access
} else { 
  //redirect 
}

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

If (for argument sake) ‘admin-access’ was granted in php with: if (isset($_SESSION[‘admin’])) // this

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply