-3

Is it safe to set the session logged_in as true if the login is correct? Will the user be able to edit this, or set their own session?

Hugh

3 Answers

0

Good afternoon Hugh,

PHP session variables are stored on your server, not on the local machine. For general purposes, setting a session variable to check login is safe, but I would have an additional check to validate username and maybe even a session key.

Timothy Bomer
0

Is it safe to set the session logged_in as true if the login is correct?

Yes

Will the user be able to edit this

No

or set their own session?

No, though they can hijack an existing session.

rlanvin
0

A session is related to a user currently logged in. For a user who wants to alter another user's session, it is a way harder thing to do than to mess around with such other user's cookies.

Given there are 2 directions to move in, cookies or sessions, sessions are generally safer. It is also important to note, as in the answers below, that sessions are stored on your server, while cookies are kept on the client, thus being by nature more vulnerable than sessions.

Zerus
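The points raised in the answers above (the flag lives server-side, a username check alongside it, and the risk of a hijacked session ID), put together as an added example that is not code from any of the posters. The function names, the `last_seen` key and the 30-minute idle limit are assumptions made for illustration, and `$storedHash` is assumed to come from the application's user store.

```php
<?php
declare(strict_types=1);

// Harden the session cookie and ID handling before the session starts (PHP 7.3+).
function start_secure_session(): void {
    ini_set('session.use_strict_mode', '1'); // reject session IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // cookie sent over HTTPS only
        'httponly' => true,   // cookie not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// $storedHash is assumed to be password_hash() output loaded from the user store.
function login(string $username, string $password, string $storedHash): bool {
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);     // fresh ID at login; the pre-login ID stops working
    $_SESSION['logged_in'] = true;   // stored server-side; the browser only holds the ID
    $_SESSION['username']  = $username;
    $_SESSION['last_seen'] = time();
    return true;
}

// Clears the server-side data so the session ID no longer maps to a login.
function logout(): void {
    $_SESSION = [];
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }
}

// Checks the flag and the username, and expires sessions that have been idle too long.
function is_logged_in(int $idleLimit = 1800): bool {
    if (($_SESSION['logged_in'] ?? false) !== true || empty($_SESSION['username'])) {
        return false;
    }
    if (time() - (int) ($_SESSION['last_seen'] ?? 0) > $idleLimit) {
        logout();                    // idle too long: a stolen ID is no longer usable
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}
```

Call `start_secure_session()` once per request before any output is sent, then gate protected pages on `is_logged_in()`.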