Is it possible for a client to se a SESSION variable?
Im developing a new intranet system that relies on some session variables.. And im thinking a little about security. Is it possible some how for a user to se a $_SESSION variable? with a program or something like that? and most importantly can a user change a $_SESSION variable?
I dont think thats possible but i wanna know the security risks in relying on $_SESSION variables checks