can users change session variables? | ansaurus

tags:

cakephp

views:

34

answers:

1

Q:

can users change session variables?

Or are they only manipulated by the server? For instance, can we always assume that Auth.User.Id always corresponds to the current user?

A:

Session variables are always kept and protected at the server. When using PHP's default implementation at least. So yes, as long as its set right.

Only a unique ID identifying the session is sent to the client.

Alexander Sagen 2010-09-26 17:25:49

related questions

PHP Array, key without an assigned value

How do I send arrays between views in CakePHP

When deleting hasOne or hasMany associations, should the foreignKey be set to NULL?

Why doesnt paginator remember my custom parameters when I go to page 2?

CakePHP hasAndBelogsToMany using save() vs. saveAll()

Three table related model in CakePHP

Best practice for placement of display logic in a view in CakePHP

Where to put controller parent class in CakePHP?

How to (with SimpleTest) write an AssertTags test with regex?

Add dismiss control to session-flash() output in CakePHP

Which PHP framework is closest to Ruby on Rails? CakePHP? CodeIgniter?

In CakePHP, how can you determine if a field was changed in an edit action?

CakePHP n to n relation on a third table

Saving information in "sub" model in CakePHP

CakePHP multi-model view

Disable Cakephp's Auto Model "feature"

CakePHP View including other views

How do I use the TranslateBehavior in CakePHP?

Zend Framework or CakePHP?

CakePHP: Action runs twice, for no good reason.

CakePHP ACL Database Setup: ARO / ACO structure?

Help me construct a complex SQL query (or queries).

How do the CakePHP and codeigniter frameworks compare to the ASP.NET MVC framework?

How to control a web application through email? Or how to run php script by sending an email?

unit testing of dynamic fixtures