Question
Possible duplicate:
Can a PHP client set $_SESSION variables?
What I'd like to know is whether a PHP $_SESSION variable can be changed on the client side. If, for example, I do $_SESSION['username'] = $username;
Can someone somehow change the value of my $_SESSION['username'] variable?
Recommended answer
PHP is a server-side programming language and the $_SESSION superglobal is only directly accessible on the server. With 'normal' PHP sessions, the data contained in the SESSION superglobal is passed back and forth between the browser and the server in a cookie. So technically, it is possible to modify the session with JavaScript in a web browser by modifying the cookie.
But please note, any attempt to do anything like this is probably a terrible idea and there's most likely a far more simple way to accomplish whatever you're trying to do.
This question I asked may be of use to you: Codeigniter/PHP sessions security question
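Where session fields do travel in a cookie that the browser can edit, the server has to authenticate the cookie before trusting it. The sketch below is an added example, not part of the original answer: it signs the fields with an HMAC and rejects a cookie whose payload was changed. The key COOKIE_KEY and the functions encode_session_cookie and decode_session_cookie are hypothetical names, and the sample values are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical server-side secret (assumption); load it from configuration, never from the client.
const COOKIE_KEY = 'constructed-demo-key-not-for-production';

// Serialize the session fields and append an HMAC so the server can detect edits.
function encode_session_cookie(array $data, string $key): string
{
    $payload = base64_encode(json_encode($data, JSON_THROW_ON_ERROR));
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Return the session fields, or null if the cookie is malformed or was modified.
function decode_session_cookie(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    // Recompute the MAC over the received payload and compare in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    $json = base64_decode($payload, true);
    if ($json === false) {
        return null;
    }
    $data = json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Constructed sample: the server issues a cookie for the user "alice".
$cookie = encode_session_cookie(['username' => 'alice'], COOKIE_KEY);
var_dump(decode_session_cookie($cookie, COOKIE_KEY));

// Constructed sample: the payload is edited client-side while the old MAC is kept.
[, $mac] = explode('.', $cookie);
$edited = base64_encode(json_encode(['username' => 'admin'])) . '.' . $mac;
var_dump(decode_session_cookie($edited, COOKIE_KEY));
```

The HMAC only detects modification; the fields remain readable by the client, so nothing secret belongs in such a cookie.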