Possible problem in my way of setting the SESSION?
Lets say my login.php uses session to store the variables.
I set my session in such way:
$userID is retrieved from the database.
$_SESSION['user_id'] = $userId;
example user id of 1 logged in will look like this $_SESSION['user_id']= 1;
will this cause any security problems?(lets not talk about the deep part, does it even secured enough from basic hacking?)
Is there any relation to the session cookie or Id(which can be hijacked based on other websites say)?
Can anyone please kind explain to me? Simply and easy one please ty
thanks for the reply guys! So you mean i should $_SESSION['user_id'] = md5($userId); ?
Will sha1 be a better choice? Since md5 can be easily cracked.
I thought session variable are stored somewhere in the server? There is still chance to hijack it?