Is there anyway to prevent session variables from being overwritten by a get string?
I'm wanting to use sessions for security/login, but I'm finding that I can bypass this
very easily. For example, I want to hide menu items based on security level, so I use
something like this:
if ($HTTP_SESSION_VARS["sess_auth"] > 2) { print "<BR><A HREF=/control/newsed.php>News
Editor"; };
which works, however, it can be bypassed if someone just enters the value in the url
like so:
http://secured.site.com/index.php?sess_auth=admin
is there any way around this using sessions? Is there a far more suitable method?
Thanks!
Jason Bell
- [PHP] session variables george
- Re: [PHP] session variables mailing_list
- Re: [PHP] session variables george
- Re: [PHP] session variables mailing_list
- [PHP] Session Variables Nikhil Goyal
- RE: [PHP] Session Variables Johnson, Kirk
- Re: [PHP] Session Variables Nikhil Goyal
- RE: [PHP] Session Variables Johnson, Kirk
- Re: [PHP] Session Variables Nikhil Goyal
- RE: [PHP] Session Variables Johnson, Kirk
- RE: [PHP] Session Variables Jason Bell
- RE: [PHP] Session Variables Johnson, Kirk
- RE: [PHP] Session Variables Sascha Schumann
- Re: [PHP] Session Variables Jason Bell
- [PHP] Session variables Ing. Lalka Peter
- [PHP] Re: Session variables Richard Lynch
- [PHP] Session Variables Chad Gilmer
- RE: [PHP] Session Variables Rick Emery
- [PHP] Mime type prepeded at file upload David McInnis
- Re: [PHP] Mime type prepeded at file upload Miguel Cruz
