Sessions Secure?

NeedaCart

Just a quick question guys.

Are sessions secure, as in could somebody manipulate your code in such a way in which they could alter the values inside the $_SESSION['VAR']?

Also, i saw that paypal were offering a service wherby you can accept payments on your site through them.

I was wondering how does your information inside your vars get passed to their system? I'm pretty sure its not POST or GET, or maybe it is!

Thanks in advance guys!!!

devinemke

no, sessions are not completely secure, but they are more secure than a lot of alteranative methods of storing user data to maintain state (like storing user data in cookies for example). you should do some reading here for more info.

PayPal and other popular payment gateways are passed data via GET but the data is typically encrypted via SSL.

NeedaCart

Ok thanks.

One little niggle about the payment process. If the information is passed via get, wouldnt a turned on users see the value of lets say price in the toolbar and couldnt the change it?

I heard of some escape thing, which is suspose to prevent that i think.

Is this true??

devinemke

this can be easily avoided by using the [man]header[/man] function

NeedaCart

Like this ?

<?php
header('location: http://www.google.co.uk/index.php?price=23.3');
?>