6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"can users change session variables?\",\"text\":\"

Or are they only manipulated by the server? For instance, can we always assume that Auth.User.Id always corresponds to the current user?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"chalpert\"},\"upvoteCount\":5,\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

Session variables are always kept and protected at the server. When using PHP's default implementation at least. So yes, as long as its set right.

\\n\\n

Only a unique ID identifying the session is sent to the client.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Alexander Sagen\"},\"upvoteCount\":8}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","cakephp",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/cakephp/1","children":"cakephp"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/ztRxf.png?s=256","alt":"chalpert","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/443713/chalpert","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"chalpert"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",252]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"can users change session variables?"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

Or are they only manipulated by the server? For instance, can we always assume that Auth.User.Id always corresponds to the current user?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",5]}],["$","p",null,{"children":["Views: ",2120]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","3798953",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/878de6f40e8943e2de0bc740c280866a?s=256&d=identicon&r=PG","alt":"Alexander Sagen","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/453614/alexander-sagen","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Alexander Sagen"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",4038]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Session variables are always kept and protected at the server. When using PHP's default implementation at least. So yes, as long as its set right.

\n\n

Only a unique ID identifying the session is sent to the client.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",8]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","965815",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/965815","className":"text-blue-600 hover:underline","children":"CakePHP: Updating a session variable after save"}]}],["$","li","45844211",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/45844211","className":"text-blue-600 hover:underline","children":"Session variable in CakePHP3"}]}],["$","li","25269266",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/25269266","className":"text-blue-600 hover:underline","children":"Updating a the session of a specific user on CakePHP"}]}],["$","li","19721325",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/19721325","className":"text-blue-600 hover:underline","children":"PHP Session set into variable and unset it."}]}],["$","li","6988156",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/6988156","className":"text-blue-600 hover:underline","children":"Accessing cakephp session variable from a php script?"}]}],["$","li","5571523",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/5571523","className":"text-blue-600 hover:underline","children":"Session variables + auth in cakephp"}]}],["$","li","5006539",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/5006539","className":"text-blue-600 hover:underline","children":"Updating a different user's session in CakePHP"}]}],["$","li","3337217",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/3337217","className":"text-blue-600 hover:underline","children":"How to use session defined variables in controller?"}]}],["$","li","1259297",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/1259297","className":"text-blue-600 hover:underline","children":"Sessions in Cakephp"}]}],["$","li","865418",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/865418","className":"text-blue-600 hover:underline","children":"How do I change the user session after a user logs in with CakePHP?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

can users change session variables?

Answers (1)

Related Questions