Hello All!
I am working on a project to build a webapp to manage the finances of multiple companies.
My question is: Is it safe to store important user-related data in the session?
Example: I want to allow users to create invoices in my app.
In my DB I have a table called invoices, and it has a column called company_id.
When the user logs in to my application (using Ion Auth), their company_id is stored in the session...
Then every time I want to retrieve a record I will add a where statement like this:
$this->db->where('company_id', $this->session->company_id);
$query = $this->db->get('invoices');
My point is that if a user can manipulate session data, he will be able to see other companies' invoices... and I don't want that....
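
The concern above is whether a session value that reaches the client can be changed without the server noticing. As an added example (not part of the original post, and plain PHP rather than CodeIgniter or Ion Auth code), this assumes the session payload is held in a cookie and protects it with an HMAC, so an altered company_id is rejected before any query is scoped with it. The names seal_session and open_session, the key and the sample values are hypothetical.

```php
<?php
// Added illustration: integrity-protect session data that is held client-side.
// seal_session/open_session are hypothetical helpers, not CodeIgniter APIs.

function seal_session(array $data, string $key): string
{
    $payload = base64_encode(json_encode($data));
    // The MAC covers the exact bytes that will be sent to the client.
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

function open_session(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null; // malformed value
    }
    [$payload, $mac] = $parts;
    // Recompute the MAC and compare in constant time before decoding anything.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null; // payload or MAC was changed
    }
    $json = base64_decode($payload, true);
    $data = $json === false ? null : json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Constructed sample data: the key never leaves the server.
$key = random_bytes(32);
$cookie = seal_session(['user_id' => 42, 'company_id' => 7], $key);

// Constructed altered value: a different company_id with the original MAC reused.
[, $mac] = explode('.', $cookie, 2);
$altered = base64_encode(json_encode(['user_id' => 42, 'company_id' => 8])) . '.' . $mac;

foreach (['genuine' => $cookie, 'altered' => $altered] as $label => $value) {
    $session = open_session($value, $key);
    if ($session === null) {
        echo "$label: rejected, no query is run\n";
        continue;
    }
    // Only a verified company_id is allowed to reach the where clause.
    echo "$label: accepted, invoices scoped to company_id {$session['company_id']}\n";
}
```

When session data is kept on the server and the cookie carries only a random session ID, the client never holds company_id at all, and the same where clause is scoped by a value the user cannot edit.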