jquery - Secure form using PHP
I have a simple form with 3 input fields for posting messages to a specific group:
- input text
- hidden field with the group id
- hidden field with a token
The submitting is done using Ajax, sending the input text and the hidden fields.
What I do: the text sent by the user is validated. I check if the token matches the session token created with the form.
The problem: the hidden id (group id) can be changed by the user, and the post is inserted into the wrong group.
I can remove the hidden id and keep the group id in the session. I'm not sure if that is secure.
Yes, it is secure: session variables reside on the server, not on the client side. Although, if the user can be under a group, query it in the database upon submitting instead of saving it in the session. If you have another form or page the user can access to change his/her group, the group id in the session becomes invalid.
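An added example, not code from the original post: a server-side handler that checks the token in constant time and verifies group membership in the database at submit time, so an edited hidden field or a stale session value cannot redirect the post. The table names, session keys and the `postMessage` function are assumptions made for illustration.

```php
<?php
// Added example. Schema, session keys and function name are hypothetical.
declare(strict_types=1);

function postMessage(PDO $db, array $session, array $post): array
{
    // 1. CSRF: compare the submitted token with the one stored when the form was rendered.
    $token = $post['token'] ?? '';
    if (!is_string($token) || empty($session['csrf_token'])
        || !hash_equals($session['csrf_token'], $token)) {
        return ['ok' => false, 'error' => 'invalid token'];
    }
    // 2. Validate the message text (length limit is an assumed policy).
    $text = is_string($post['text'] ?? null) ? trim($post['text']) : '';
    if ($text === '' || strlen($text) > 1000) {
        return ['ok' => false, 'error' => 'invalid text'];
    }
    // 3. The client-supplied group id is only a request; it must be an integer.
    $groupId = filter_var($post['group_id'] ?? null, FILTER_VALIDATE_INT);
    if ($groupId === false) {
        return ['ok' => false, 'error' => 'invalid group'];
    }
    // 4. Authorization: check current membership in the database on every submit.
    $check = $db->prepare('SELECT 1 FROM group_members WHERE user_id = ? AND group_id = ?');
    $check->execute([$session['user_id'] ?? 0, $groupId]);
    if ($check->fetchColumn() === false) {
        return ['ok' => false, 'error' => 'not a member of this group'];
    }
    $ins = $db->prepare('INSERT INTO messages (group_id, user_id, body) VALUES (?, ?, ?)');
    $ins->execute([$groupId, $session['user_id'], $text]);
    return ['ok' => true];
}

// Constructed demo data: in-memory SQLite, user 7 belongs to group 3 only.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE group_members (user_id INTEGER, group_id INTEGER)');
$db->exec('CREATE TABLE messages (group_id INTEGER, user_id INTEGER, body TEXT)');
$db->exec('INSERT INTO group_members VALUES (7, 3)');
$session = ['user_id' => 7, 'csrf_token' => bin2hex(random_bytes(32))];

$good = ['text' => 'hello', 'group_id' => '3', 'token' => $session['csrf_token']];
$tampered = ['group_id' => '9'] + $good; // hidden field edited in the browser

echo json_encode(postMessage($db, $session, $good)), PHP_EOL;
echo json_encode(postMessage($db, $session, $tampered)), PHP_EOL;
```

In a real endpoint the `$session` and `$post` arguments would be `$_SESSION` and `$_POST`, and the returned array would be sent back to the Ajax caller as JSON.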