0

I'm using $_SESSION['captchaAnswer'] to store the answer to a captcha image. Obviously I want to store it somewhere not accessible to the client. Is this where I should be storing it?

  • Depends on what you want to do with it. It's one place to house it as `$_SESSION` is not available client side. Whether or not it is appropriate for your use case is not determinable without more details and/or a code snippet. – War10ck Nov 16 '15 at 17:25
  • yes you cant access session value from client unless you code it..... Anyway i can suggest to use hash in any server or client approach – Vanojx1 Nov 16 '15 at 17:30

1 Answers1

2

No. $_SESSION is a server-side super-global. http://php.net/manual/en/intro.session.php

The user's browser receives a cookie with the session id which it then sends with every request to that domain / sub-domain. This is used to identify which session PHP is meant to use. If you are going to be using the sessions for security purposes, please read up on session hijacking. PHP Session Fixation / Hijacking

Community
  • 1
  • 1
Ignacy Debicki
  • 437
  • 4
  • 18
  • As Ignacy Debicki already wrote, $_SESSION is a server side storage and CANT be acces by the client. The client only gets hold of the id of a session (usually stored in a $_COOKIE), not the contents of that session. So it's save to use in your case. – maxhb Nov 16 '15 at 17:31