Hi, can anyone advise about another issue that occurred to me.
Basically, let's say the cracker know that in my application I create a
session variable named "auth_user" for valid users. Is there a way to
hack into it if he knows this session variable name?
Example:
if($action==edit_personalinformation_update)
{
if(!session_is_registered("auth_user"))
{
stop_unauthorized(); // defined function that prints an error
message
return;
}
//SECURE OPERATIONS
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
