If I wanted to store all my user info in a session rather than fetching it through MySQL on every page load, is it still safe?
I have this in htaccess:
php_value session.cookie_domain .MYDOMAIN.COM
Soo... is it stored in a session on the server or a cookie?
Basically, if I were to say $_SESSION['access_level'] = 5, is there some way they could manipulate the value and give themselves a higher access level?