Session could be modified on different occasions. See this -> Session Poisoning
No. The data in the $_SESSION variable is stored on the server, inaccessible from the user.
A session is coupled to a user through a cookie. A cookie with an identifier (i.e. a long random string) is sent to the user to identify the user and link him to his session. If somebody else gains access to this cookie, he can use that same code to pretend he is the user, and that way he can get in without the password.
The session can only be modified from the PHP code; it's unlike $_POST, $_GET, $_COOKIE, etc.
As an aside, I think you can use empty() to simplify your conditional:
<?php
session_start();
// empty() is true when the key is unset or holds a falsy value
if (!empty($_SESSION['authenticated'])) {
    echo "Super secret stuff!";
}
?>
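The answers above turn on the session cookie being the only link between a browser and its server-side $_SESSION data. The following is an added example, not part of any of the original posts, showing how that cookie and the `authenticated` flag can be hardened; the helper names `mark_authenticated` and `is_authenticated`, the `user_id` and `last_seen` keys and the 1800-second idle limit are assumptions, and the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example: hardening the session cookie that links a browser to its
// server-side $_SESSION data. Not code from the original answers.

ini_set('session.use_strict_mode', '1');   // reject session IDs the server did not issue
ini_set('session.use_only_cookies', '1');  // never accept the ID from the URL

session_set_cookie_params([
    'lifetime' => 0,        // cookie ends with the browser session
    'path'     => '/',
    'secure'   => true,     // sent over HTTPS only
    'httponly' => true,     // not readable from JavaScript
    'samesite' => 'Lax',    // not attached to cross-site POSTs
]);
session_start();

// Hypothetical helper: call once the password check has succeeded.
function mark_authenticated(string $userId): void
{
    // Issue a new ID on privilege change and delete the old session file,
    // so an ID known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['authenticated'] = true;
    $_SESSION['user_id'] = $userId;
    $_SESSION['last_seen'] = time();
}

// Hypothetical helper: gate for protected pages, with an idle timeout.
function is_authenticated(int $maxIdleSeconds = 1800): bool
{
    if (empty($_SESSION['authenticated'])) {
        return false;
    }
    if (time() - ($_SESSION['last_seen'] ?? 0) > $maxIdleSeconds) {
        $_SESSION = [];      // drop the data held for this request
        session_destroy();   // and remove it from server-side storage
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}

if (is_authenticated()) {
    echo "Super secret stuff!";
}
```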