November 2nd, 2012, 01:12 AM
Can cookie vars be edited by user?
Can a $COOKIE var be edited by user?
If it can, I have quite a security issue to deal with.
November 2nd, 2012, 02:04 AM
Yes it can. Cookies are stored as text files on the users PC, and if the user knows where to find them, they can view them, edit them, delete them, and do pretty much anything that they want with them.
What exactly is your security concern?
November 2nd, 2012, 03:05 AM
November 2nd, 2012, 09:07 AM
Sessions cannot be edited by the user, cookies can. Never store any sensitive information in cookies.
HEY! YOU! Read the New User Guide and Forum Rules
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin
"The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002
Think we're being rude? Maybe you asked a bad question
or you're a Help Vampire.
Trying to argue intelligently? Please read this.