Is setting a user ID or username in a session safe?

Question

Is setting a user ID or username in a session safe?

I am a beginner, and I have a question, I want to create a PHP script so that security is 50%. I just want to create a login system based on php sessions.

Since I read during the training process on the Internet, we can store the user ID or username in the session, for example:

$_SESSION['username'] = $user_name;

So is it safe to do this?

Can anyone else create a fake session and access the admin area?

If possible, what is the solution? Can we store a hash password in a session ?!

+4

php session

Pafo Aug 21 '14 at 11:43

source share

3 answers

, login authentication . .

- .

long random string, letters and digits, login key

login key sessio n login key,

+1

Satish Sharma 21 . '14 11:49

Yes, it’s possible to fake a session, but it’s not as easy as stealing cookies, so it’s safe if you don’t have a website where people do something with money, then it’s better to enter Some encryption.

+1

Rikudou_Sennin Aug 21 '14 at 11:51

source share

FlabbyRabbit · Accepted Answer · 2014-08-21T11:49:50+0000

Session values are stored on the server. Therefore, it is not possible to obtain or modify the contents of the session from the client side.

script, ( ).

, , - , stealer cookie, .

Is setting a user ID or username in a session safe?

More articles: