CodeIgniter Forums
user session data passed to view - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21)
+--- Thread: user session data passed to view (/showthread.php?tid=29694)



user session data passed to view - El Forum - 04-18-2010

[eluser]mike34666[/eluser]
hello, i want to pass userdata to the view. is there anything inherently insecure or unsafe about this?


Code:
$params['userdata'] = $this->session->userdata;

$this->load->view('foo',  $params);



user session data passed to view - El Forum - 04-18-2010

[eluser]vitoco[/eluser]
i think not , if you doesn't do echo on sensible data. Remember that all the process, e.g. the session data in the view is processed in the server, not in the client, so you can pass all data needed to the view, sensible or not, but it's only a security flaw if you show it( send it to the client in the rendered html ).

if i'm wrong, please correct me.