Hi Andy, On 12/7/05, Andy Pieters <[EMAIL PROTECTED]> wrote: > Right now when the user is logged in, I put its id in the session. > Then when the user edits his details I put the id in the form and when it > comes back I verify if the id matches the one in the session.
Well, is session data saved in a "secure" place on the server side? Read Form Processing and Sessions sections in the PHP Security Guide http://phpsec.org/projects/guide/ Regards, Ahmed
