PDA

View Full Version : Session break, season 3



hantz
09-25-2007, 04:33 PM
well i know 2 ways to secure my pages:
1- is posting a variable with some value and in the next page check if the variable got the right value...doing it with Post and not Get of course...
2-Session
on login page if the username and password is true the user got
Session("admin")=0
and on the "secure" pages i'm checking if the user got "0" in the Session("admin")

well thats good but! too simple don't you think?
what will happend if some "very bad person" will build a page where he will give to him self Session("admin")=0 and link the page to my "secure" page
?:eek: