Welcome Guest, Not a member yet? Register   Sign In
Is Session a safe place to store data ?
#1

Hello All !

I am working on project to build a webapp to manage the finances of multiple companys.

My question is: Is it safe to store imnportant user related data in session ?

Example: I want to allow users to create invoices in my app.

In my DB I have a table called invoices, and it has a column called company_id.

When the user logs in my application (using Ion Auth) its company_id is stored in session...

Than every time I want to retrieve a record I will add a where statement like this:


        $this->db->where('company_id', $this->session->company_id);
        $query = $this->db->get('invoices'); 


My point is that if a user can manipulate session data, he will be able to see other company invoices... and I dont want that....
Reply


Messages In This Thread
Is Session a safe place to store data ? - by Poetawd - 07-23-2016, 03:29 PM



Theme © iAndrew 2016 - Forum software by © MyBB