Is it safe to use sessions for user validation?
#6

Thanks for all your answers!

In my query example, $user_id is not user input, but a value taken from the session, which was added there from a query that takes user IDs (which are always integers).

My fear is that an attacker would be able to change the session data and impersonate other users, e.g. changing his ID (e.g. "201") to 1, 2, 3, ... 100000 and thus causing a lot of damage. Would something like that be possible?

@InsiteFX long-term persistence is a nice-to-have feature, but for now, there are other things to be done ;)


Messages In This Thread
RE: Is it safe to use sessions for user validation? - by ronaldv - 06-18-2017, 11:22 AM


