PHP Can a client ever set $_SESSION variables?

Question

Is there any scenario where a client/user/hacker can set $_SESSION variables themselves (excluding malicious software running on a server computer. I mostly mea

Answer 1

I don't think $_SESSION variables can be changed unless the user has server access otherwise no they can't change it but filtering the variables or sanitizing it is recommended if it is something the user enters.