AUTHENTICATION: Are Session Variables SAFE?

Results 1 to 2 of 2

Thread: AUTHENTICATION: Are Session Variables SAFE?

  1. #1
    Betterman Guest

    Default AUTHENTICATION: Are Session Variables SAFE?

    I&#039m creating a user logon screen. When the user<BR>properly logs on, I&#039d like to set Authenticated=True,<BR>and stored that in a session variable. Then<BR>for every page that needs to be protected, I would check<BR>if Authenticated=true.<BR><BR>Could this be "hacked"? Can someone edit their own<BR>session variable and set Authenticated=true?<BR><BR>Is there anything "wrong" with the way I have things<BR>now?

  2. #2
    keithadler@hotmail.com Guest

    Default RE: AUTHENTICATION: Are Session Variables SAFE?

    Of course not, session variables are stored on the server, not the client.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •