发表新帖
发表新帖

php storing user id in session?

后端 未结
关注
5 1921
说谎
说谎 2020-12-17 14:48

I am wondering what the risks are of storing the userid in a session?

then simply doing a 

if(isset($_SESSION[\'user_id\'])){
  login_user($_SESSION[
5条回答
  • 予麋鹿
    予麋鹿 (楼主)
    2020-12-17 15:39

    If some one can access your session, he can, probably, access much much more. I would not hash it and also make sure it does not get to the client

    0 讨论(0)
 看不清?
提交回复
热议问题