Level 51
I dont think that is sensitive information it is only flag for admin ... password would be sensitive information
Sep 14, 2016
4
Level 3
Storing senisitve information in session
Is it a good idea to store users admin status on session like this:
session()->put('is_admin', true);
It would only be run once on login and then different parts of application could use it without additional queries. Is it insecure in some way?
Level 3
@tomi Well, maybe, yeah. But if it could be set to true in any way by non admin user, the mess would be beig.
Level 51
How can user set value for session which is on server ...
http://stackoverflow.com/questions/5121766/can-a-user-alter-the-value-of-session-in-php
Level 3
@tomi Thanks, just wanted to make sure :)
Please or to participate in this conversation.