Reputation: 11768
Storing username in session PHP?
I am pretty new to PHP Development. So far I stored in a cookie a hash ( user + password ) to keep the user logged in.Now I have discovered php sessions.
Is it possible for someone to modify the value stored as this without having access to server of course?
$_SESSION['username'] = '[email protected]';
Upvotes: 0
Views: 8661
Answers (2)
Reputation: 866
The client is never going to change the variable $_SESSION. I also recommend you not saving the password in $_SESSION and less in $_COOKIE. You can check if the user and password are correct and then you can create the $_SESSION['userID'] or $_SESSION['user'] and then you just check if the session has been created by creating an if statement with the isset function like this:
if(isset($_SESSION['user'])){
// do something...
}
Upvotes: 2
Reputation: 10417
No, session can not be modified directly without server access (Until you left loopholes for hacking)
Session is an array on server (RAM or FileSystem) which is mapped to the user through cookies. User only get session id in cookies. When user return, PHP gets that session id and restore session.
Upvotes: 7
Related Questions
- How to echo $_SESSION['username'] in a PHP string?
- How can I use Session Variables to output login username
- Storing users sessions
- Using sessions to display a users name on website
- how can i use sessions to get user information?
- How to pass the username by using session function
- PHP SESSION for Username
- Using Sessions To Remember User on PHP Form
- Is this code: $_SESSION['username'] = $username; enough to store the username in the session?
- php storing user id in session?