Can a user modify a PHP session?

前端 未结 3 1038
你的背包
你的背包 2021-01-12 06:36

Page1.php:

Page2.php

相关标签:
3条回答
  • 2021-01-12 06:55

    Session could be modified in different occasions.. See this -> Session Poisoning

    0 讨论(0)
  • 2021-01-12 06:56

    No. The data in the $_SESSION variable is stored on the server, inaccessible from the user.

    A session is coupled to a user through a cookie. A cookie with a identifier (i.e. a long random string) is sent to the user to identify the user and link him to his session. If somebody else gains access to this cookie, he can use that same code to pretent he is the user, and that way he can get in without the password.

    0 讨论(0)
  • 2021-01-12 06:56

    The session can only be modified from the PHP code, it's unlike $_POST, $_GET, $_COOKIE etc

    As an aside I think you can use empty() to simplify your conditional:

    <?php
    session_start();
    if (!empty($_SESSION['authenticated']) {
        echo "Super secret stuff!";
    }
    ?>
    
    0 讨论(0)
提交回复
热议问题