Early security issues:
I have a site with authentication (two different types of users). Thus, according to the type of user logged on, I want to display a specific menu.
When it connects, I open a session and attribute him his rights (eg $_SESSION['right_user'] = admin or user...)
Then when I open the page I retrieved the value of session and I compare:
Code:
switch($_SESSION['right_user'])
case "admin": include("menu_admin.php" );
break;
case "user": include("menu_user.php" );
break
My questions:
1 - Using "include" with session variables is secure? if it is not secure, ten what do you offer me?
2 - From a security point of view, the session variables are well protected?
Bookmarks