James Spittal
Reputation: 237
Is it necessary to sanitize $_SESSION[''] data or is it paranoid?
The input originated from user input, but it's already been sanitized.
Better to be safe than sorry or just over-kill?
Upvotes: 0
Views: 630
Answers (1)
nkorth
Reputation: 1694
$_SESSION is basically the equivalent of your code making a text file for every user (identifying different users by magic, for explanation's sake), and storing some variables in that text file. Except for your code or something else on your server, nothing should be modifying the $_SESSION. So, if you make a habit of sanitizing everything before storing it in $_SESSION, you don't have to sanitize it again.
Upvotes: 4
Related Questions
- php5 $_SESSION security
- Does a session variable($_SESSION) require any type of sanitiziation
- Should I validate/sanitize $_SESSION variables in php?
- Is safe to rely site security on $_SESSION?
- php session safety
- Securing PHP $_SESSION data?
- Are this way session data safer?
- Session data is visible; is it ok?
- How safe are PHP session variables?