I need to store some information in the session, like username, userid and other such info (not password). I was reading about a big security hole in sessions: when a session is created, a cookie with the sessionId is created. Now, if I edit the cookie value in another browser on my PC, I can use the session of the first, original browser. This is really a big security hole; how can I fix this?