Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Possible Duplicate:
PHP Can a client ever set $_SESSION variables?
What I’d like to know, is whether a PHP $_SESSION variable can be changed on the client-side. If, for example, I do $_SESSION['username'] = $username; Can someone somehow change the value of my $_SESSION['username'] variable?
PHP is a server-side programming language and the $_SESSION superglobal is only directly accessible on the server. With ‘normal’ php sessions, the data contained in the SESSON superglobal is passed back and forth between the browser and the server in a cookie. So technically, it is possible to modify the session with Javascript in a web browser by modifying the cookie.
But please note, any attempt to do anything like this is probably a terrible idea and there’s most likely a far more simple way to accomplish whatever you’re trying to do.
Edit: This question I asked may be of use to you
Codeigniter/PHP sessions security question