Is it possible for a malicious user to edit $_SESSION?


Problem description

I save some important info in $_SESSION, not in $_COOKIE. So, my question, is it dangerous? Or is it protected from malicious users trying to edit it and I'm fine? Thank you.

By the way, is it possible also to edit $_COOKIE? I heard yes, but if yes, then how?

Recommended answer

$_SESSION is stored server-side. The best a hacker could do would be to substitute another user's session for the existing session, but the hacker could not insert arbitrary data into $_SESSION. $_COOKIE is, however, stored client-side, so a hacker can insert arbitrary data into the cookie, by just editing the cookie.
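
The answer's point that cookie contents are client-editable, shown from the server's side as an added example that is not part of the original answer: when a value has to travel in a cookie, the server can attach an HMAC and discard anything that fails verification. `SECRET_KEY` and the helper names `sign_cookie_value` / `verify_cookie_value` are hypothetical, and the sample cookie values are constructed.

```php
<?php
// Added example, not code from the original post.
// Assumption: SECRET_KEY is a server-only secret loaded from configuration;
// the literal below is a constructed placeholder.
const SECRET_KEY = 'constructed-demo-key-change-me';

// Encode a value and append an HMAC so a later client-side edit is detectable.
function sign_cookie_value(string $value): string
{
    $mac = hash_hmac('sha256', $value, SECRET_KEY);
    return base64_encode($value) . '.' . $mac;
}

// Return the original value when the MAC matches, or null when the cookie
// is malformed or was altered after the server issued it.
function verify_cookie_value(string $cookie): ?string
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    $value = base64_decode($parts[0], true);
    if ($value === false) {
        return null;
    }
    $expected = hash_hmac('sha256', $value, SECRET_KEY);
    // hash_equals compares in constant time, avoiding a timing side channel.
    return hash_equals($expected, $parts[1]) ? $value : null;
}

// Constructed sample input: the cookie as issued, the same cookie with its
// payload swapped but the old MAC kept, and a bare unsigned value.
$issued   = sign_cookie_value('theme=dark');
$edited   = base64_encode('theme=light') . '.' . explode('.', $issued, 2)[1];
$unsigned = 'theme=light';

foreach (['issued' => $issued, 'edited' => $edited, 'unsigned' => $unsigned] as $label => $cookie) {
    $result = verify_cookie_value($cookie);
    echo $label, ': ', $result === null ? 'rejected' : "accepted ($result)", PHP_EOL;
}
```

Signing only detects modification: the value is still readable by the client and an old signed cookie can be replayed, so anything authoritative (user id, role, privileges) still belongs in `$_SESSION`.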
