Is Session a safe place to store data?
(07-25-2016, 03:53 PM)PaulD Wrote:
Ah, no it meant that if you store in your cookie, user_id=3 say, if I log in, get a valid session, and change that cookie value to 4, or 5, or 10, or 2, what user will the system think I am? Valid session, valid user id, must be user 5 or 6 - yes? No. It is user 3 mucking about with the cookie.

Haaa ok... Yes that would be bad...

Well, I never worried much about Ion Auth since it had a good reputation and was made by Ben Edmunds.

I just checked my cookies in Chrome and I have: ci_session, identity, remember_code.

Identity has my user e-mail though. I assume if I change this to another user I can't take over his account, right? I really don't know how Ion Auth is working internally...
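
The cookie edit PaulD describes, as an added example that is not part of the original posts and is not Ion Auth's or CodeIgniter's code: a lookup that trusts a raw user_id cookie, next to one that accepts the id only when an HMAC made with a server-side key verifies. The function names, the "id.mac" cookie layout and the key are assumptions made for illustration.

```php
<?php
// Constructed demo key (assumption). A real application loads this from
// server-side configuration and never sends it to the browser.
const COOKIE_KEY = 'constructed-demo-key-not-for-production';

// Unsafe (hypothetical helper): identity is whatever number the browser sent.
function current_user_unsafe(array $cookies): ?int
{
    return isset($cookies['user_id']) ? (int) $cookies['user_id'] : null;
}

// Hypothetical helper: build a cookie value "<user_id>.<hex HMAC-SHA256>".
function issue_signed_cookie(int $userId): string
{
    return $userId . '.' . hash_hmac('sha256', (string) $userId, COOKIE_KEY);
}

// Safer (hypothetical helper): return the id only if the MAC matches it,
// otherwise null, so an edited id is treated as "not logged in".
function current_user_signed(array $cookies): ?int
{
    $parts = explode('.', $cookies['user_id'] ?? '', 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null; // missing, malformed or non-numeric value
    }
    $expected = hash_hmac('sha256', $parts[0], COOKIE_KEY);
    // hash_equals() compares in constant time, avoiding a timing side channel.
    return hash_equals($expected, $parts[1]) ? (int) $parts[0] : null;
}

// Constructed scenario from the thread: user 3 logs in, then the id in the
// cookie is changed to 5 while the rest of the value is left alone.
$issued   = issue_signed_cookie(3);
$tampered = '5' . substr($issued, 1); // id replaced, MAC still the one for "3"

// The unsafe lookup is given the edited raw id; the signed lookup is given
// first the untouched cookie and then the edited one.
var_dump(current_user_unsafe(['user_id' => '5']));
var_dump(current_user_signed(['user_id' => $issued]));
var_dump(current_user_signed(['user_id' => $tampered]));
```

Keeping the user id in server-side session data, with the cookie carrying only a random session identifier, avoids placing the id in the browser at all.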