1

Please excuse my English.

In my website I use this kind of line to define if the current user is an admin or a normal user:

<? if($_SESSION["nivel"] == 'administrator'){ ?>

I wanna know if this $_SESSION variable could be modified from client side by a user and cause me some security problems.

chris85

1 Answer

4

$_SESSION is a superglobal which is only modified on the server.

Therefore the client will never be able to change it.

Src: http://php.net/manual/en/session.security.php

Is it possible to change a $_SESSION variable client-side?

Community
Derek
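
As an added example (not part of the answer above or of the asker's site), this shows the server-side handling that the `$_SESSION["nivel"]` check relies on: the browser holds only the session ID cookie, and the role is written in one place from a server-side record. `lookup_user()`, `login()`, `is_admin()` and the sample accounts are hypothetical names; PHP 7.3+ is assumed.

```php
<?php
// Added example, not code from the original post. Assumes PHP 7.3+.

ini_set('session.use_strict_mode', '1');  // refuse session IDs the server did not issue
session_set_cookie_params([
    'httponly' => true,   // cookie is not readable from JavaScript
    'secure'   => true,   // cookie is sent over HTTPS only
    'samesite' => 'Lax',
]);
session_start();          // the client only ever receives the session ID

// Hypothetical user store with constructed sample data;
// a real site would query its own database here.
function lookup_user(string $name): ?array
{
    $users = [
        'alice' => ['hash' => password_hash('constructed-pw-1', PASSWORD_DEFAULT),
                    'nivel' => 'administrator'],
        'bob'   => ['hash' => password_hash('constructed-pw-2', PASSWORD_DEFAULT),
                    'nivel' => 'user'],
    ];
    return $users[$name] ?? null;
}

function login(string $name, string $password): bool
{
    $user = lookup_user($name);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true);          // fresh ID once the privilege level changes
    $_SESSION['nivel'] = $user['nivel'];  // role comes from the server-side record only
    return true;
}

function is_admin(): bool
{
    // Strict comparison; a missing key counts as "not admin".
    return ($_SESSION['nivel'] ?? '') === 'administrator';
}

// Guard for an admin-only page. Nothing from $_GET, $_POST or $_COOKIE
// is ever copied into $_SESSION['nivel'] anywhere in this file.
if (!is_admin()) {
    http_response_code(403);
    exit('Forbidden');
}
```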