1

I have a form and when I submit it, I do an AJAX call to my server. On the server-side, I verify the informations by comparing them with some variables in the superglobale $_SESSION like below : 

HeCanBuyIt = $ajaxData->priceProduct <= $_SESSION["user"]->moneyOfUser;

I am not sure if it is safe or not to do that (Can the user change the "moneyOfUser" variable in his session?).

I can also read the user from the database but it cost the time of a SELECT... I know it's not so slow but I prefer the fastest way.

halfer
  • 19,824
  • 17
  • 99
  • 186
Mourad Qqch
  • 373
  • 1
  • 5
  • 16

1 Answers1

0

All values in the $_SESSION variable are stored only on the server. The client is only given a session ID, which is stored in a cookie in their browser. There is no way for a user to view or manipulate the values in their $_SESSION unless you have explicitly coded that into your program.

See also: How do PHP sessions work? (not "how are they used?")

Community
  • 1
  • 1
Mike
  • 23,542
  • 14
  • 76
  • 87
  • Thank you very much. I was worried about the fact that some hackers could access to that variable but it seems that they can't according to you :) – Mourad Qqch Apr 08 '16 at 15:00