smerny Posted July 14, 2009 Share Posted July 14, 2009 If I have a session variable "user_rank" and have a number assigned to it which determines whether or not the user has access to certain features.... is that secure? or should I be cross-checking the database every time a user does something that requires a high rank? Link to comment Share on other sites More sharing options...
justsomeguy Posted July 14, 2009 Share Posted July 14, 2009 I'm not aware of any ways to change session values on the server, as long as your script doesn't give someone a way to do that. Link to comment Share on other sites More sharing options...
Ingolme Posted July 14, 2009 Share Posted July 14, 2009 If I have a session variable "user_rank" and have a number assigned to it which determines whether or not the user has access to certain features.... is that secure? or should I be cross-checking the database every time a user does something that requires a high rank?I'd have their rank in the database. When the user enters a page, the session variable only needs to tell the PHP script that the user is logged in.EDIT: Actually, none of the session information except the ID is ever sent to the client, so the information of a session variable is pretty safe. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.