可以在客户端更改$ _SESSION变量吗? [英] Is it possible to change a $_SESSION variable client-side?

问题描述

可能重复:
PHP客户可以设置$ _SESSION变量吗?

Possible Duplicate:
PHP Can a client ever set $_SESSION variables?

我想知道的是，PHP $ _SESSION变量是否可以在客户端更改.例如，如果我这样做了$_SESSION['username'] = $username;有人可以以某种方式更改我的$_SESSION['username']变量的值吗?

What I'd like to know, is whether a PHP $_SESSION variable can be changed on the client-side. If, for example, I do $_SESSION['username'] = $username; Can someone somehow change the value of my $_SESSION['username'] variable?

推荐答案

PHP是服务器端编程语言，并且$ _SESSION超全局变量只能在服务器上直接访问.通过普通" php会话，包含在SESSON超全局变量中的数据将以cookie的形式在浏览器和服务器之间来回传递.因此，从技术上讲，可以通过修改Cookie在Web浏览器中使用Javascript修改会话.

PHP is a server-side programming language and the $_SESSION superglobal is only directly accessible on the server. With 'normal' php sessions, the data contained in the SESSON superglobal is passed back and forth between the browser and the server in a cookie. So technically, it is possible to modify the session with Javascript in a web browser by modifying the cookie.

但是请注意，任何尝试做这种事情的想法都可能是一个可怕的主意，并且很可能有一种更简单的方法来完成您想要做的事情.

But please note, any attempt to do anything like this is probably a terrible idea and there's most likely a far more simple way to accomplish whatever you're trying to do.

我问的这个问题可能对您有用 Codeigniter/PHP会话安全性问题

This question I asked may be of use to you Codeigniter/PHP sessions security question

这篇关于可以在客户端更改$ _SESSION变量吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！