PHP Can a client ever set $_SESSION variables?

Question

Is there any scenario where a client/user/hacker can set $_SESSION variables themselves (excluding malicious software running on a server computer. I mostly mea

Answer 1

I do not quite understand the question, but this question explains my way of what I think that you want to do.

Make sure that you include jQuery.

Code:

Then make a file called addsession.php.

Code for addsession.php:

Name not defined!
' . "\n";
    $name = "unknownsessionvariable";
  }
  if(isset($_POST["value"])){
    $value = $_POST["value"];
  } else {
    $value = "";
  }
  $_SESSION[name] = value;
?>

Code for script.js:

function session(name, value){
  $.post(addsession.php, {"name" : name, "value" : value});
  window.location.reload(); // This line maybe should be here depending on what you are doing.
}
$(document).ready(function(){
  session("sessvar", "supervalue");
});

Example code snippet:

function session(name, value){
  $.post("http://www.eastonwerling.com/addsession.php", {"name" : name, "value" : value});
  //window.location.reload();
$(document).ready(function(){
  session("sessvar", "supervalue");
});

This example depends on www.eastonwerling.com (my website).