Sessions &amp; Security

Sessions & Security

epp_b

I have a script that validates a login (by comparing it to variables) and based upon that, if the login is successful, it places a session variable which is simply a boolean value to check if the user is logged in or not. Is this an insecure way to go about things with sessions?

Mce

As far as I understand it, that should not be a problem unless someone guesses the name of the session variable.

-Mce

cockney

You can download a good pdf doc here if you want to know some more about web app. security http://www.owasp.org/

The level os security you require depends on what you're doing or stand to loose if the site gets comprimised