[eluser]Spredemann[/eluser]
Hello guys!
I'm coding a website where, when users are accessing their own profiles, a number of things are editable, like status (online, busy), a short header message, and amongst other things they are able to delete stuff (for example comments posted on their profiles), and basically make all the changes they want.
So, I've got this code:
Code:
// $user_id is the id of the profile being viewed (e.g. taken from the URL);
// the session holds the id of the currently logged-in user.
if ($user_id == $this->session->userdata('user_id')) {
    $editable = true;
} else {
    $editable = false;
}
and in the view, depending on whether or not $editable is true, I echo out the menus, delete buttons, etc.
My concern is: how reliable is the data contained in the userdata? Can it be easily hacked by a user? In this code, if the guy just goes there and changes the id in the userdata to another valid user id, he will be able to go to that profile and do a lot of harm!
So... is it strong enough like this, or is there a better way?
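An added example (not the poster's code) showing the point a reviewer would make here: the $editable flag may decide what the view renders, but the delete action itself has to repeat the ownership check against the database, because a user can send the delete request without ever seeing the button. How hard the session itself is to tamper with depends on where it is stored and whether it is signed or encrypted, so the mutating request is checked regardless. The controller, the `comments` table and its `profile_user_id` column are assumptions.

```php
<?php
// Added example, not from the original post. Assumes a CodeIgniter 2/3-style
// controller with the session and database libraries loaded, and a `comments`
// table with columns id and profile_user_id (owner of the profile the comment
// was posted on). Table and column names are assumptions.
class Profile extends CI_Controller
{
    // Viewing a profile: $editable only controls what the view displays.
    public function view($user_id)
    {
        $editable = ((int) $user_id === (int) $this->session->userdata('user_id'));
        $this->load->view('profile', array('editable' => $editable));
    }

    // Deleting a comment: never rely on the button having been hidden.
    // The request can be crafted by hand, so ownership is re-checked here
    // using data stored on the server, not values sent by the client.
    public function delete_comment($comment_id)
    {
        $me = (int) $this->session->userdata('user_id');
        if ($me === 0) {
            show_error('Login required', 401);
            return;
        }

        $query = $this->db->get_where('comments', array('id' => (int) $comment_id));
        if ($query->num_rows() === 0) {
            show_error('Not found', 404);
            return;
        }
        $comment = $query->row();

        if ((int) $comment->profile_user_id !== $me) {
            // A hit here means someone tried to act on a profile they do not
            // own; worth logging so such attempts are visible to the operator.
            log_message('error', "user $me attempted to delete comment $comment_id");
            show_error('Forbidden', 403);
            return;
        }

        $this->db->delete('comments', array('id' => (int) $comment_id));
        redirect('profile/view/' . $me);
    }
}
```

The same pattern applies to every other change the profile owner can make (status, header message): each action method checks the session user against the owner of the record it modifies.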