PHP Can a client ever set $_SESSION variables?

Question

Is there any scenario where a client/user/hacker can set $_SESSION variables themselves (excluding malicious software running on a server computer. I mostly mea

Answer 1

Yes, it's possible. Read about Session poisoning and another quite common security issue Session fixation on Wikipedia or Google it - the web is full of articles about that.