I put some important variable like "cpanel_password" in config.php and put it in $_SESSION[] variable. Is $_SESSION secure? Or hackers can access it when crawling my site? Thank you
Asked
Active
Viewed 27 times
0
-
1That depends entirely on your code and how your server is configured. If `display_errors` is enabled for example (or xdebug/stacktraces are) then it most likely is not. – Raxi Jan 01 '22 at 06:20
-
1If you ensure `display_errors` is disabled, and everything else set to factory defaults, then i'm fairly sure the contents of `$_SESSION` isn't made available to clients. But it would be very easy to leak within your application code. – Raxi Jan 01 '22 at 06:22