$_SESSION superglobals with Postman
I have a host.php file that starts with the following:
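```php
<?php
session_start();
// Only requests whose server-side session carries the 'host' role may continue.
if (!isset($_SESSION['role']) || $_SESSION['role'] != 'host') {
    header('Location: index.php');
    exit; // stop here so the rest of the page is not executed or sent along with the redirect
}
?>
```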
So for this reason, if $_SESSION['role'] isn't set, then I will be returned to index.
Is it possible to include or pass the $_SESSION variables to the backend using Postman? Is there any function in Postman to do this or alternative ways to achieve the same result?
Solution 1:[1]
Is it possible to include or pass the $_SESSION variables to the backend using Postman?
Absolutely not, that would be a huge security hole.
Is there any function in Postman to do this or alternative ways to achieve the same result?
You could write code to allow a GET parameter to be stuffed into (and thus override) the values in SESSION, but again, that is a really bad idea because it would allow any user to assume any role just by adjusting their URL.
If you're trying to test/dev against this page, you'd generally want to create a test user that belongs to that role, and then authenticate as that user.
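The approach the answer recommends, as an added example that is not part of the original question or answer: a login script that checks a test account's password and only then writes the role into `$_SESSION` on the server. The file name `login.php`, the form field names `username` and `password`, and the test account are assumptions made for illustration.

```php
<?php
// login.php (hypothetical file name): added example, not code from the original post.
// The role is written to $_SESSION by server code after the password check;
// the client only ever holds the session ID cookie (PHPSESSID by default).
declare(strict_types=1);

session_start();

// Constructed test account for a dev/test environment only. In a real
// application the record and its password_hash() value come from the user store.
$users = [
    'test-host' => [
        'hash' => password_hash('constructed-test-password', PASSWORD_DEFAULT),
        'role' => 'host',
    ],
];
// Hash checked when the username is unknown, so both paths do the same work.
$dummyHash = password_hash('unused-placeholder', PASSWORD_DEFAULT);

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit;
}

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if (!is_string($username) || !is_string($password)) {
    http_response_code(400); // e.g. username[]=x arrives as an array
    exit;
}

$user = $users[$username] ?? null;
$passwordOk = password_verify($password, $user['hash'] ?? $dummyHash);
if ($user === null || !$passwordOk) {
    http_response_code(401);
    exit('Invalid credentials');
}

// Issue a fresh session ID when privileges change, to prevent session fixation.
session_regenerate_id(true);
$_SESSION['role'] = $user['role'];

header('Location: host.php');
exit;
```

In Postman, send the two fields as an `x-www-form-urlencoded` POST to this script; Postman's cookie jar keeps the returned session cookie and sends it with the next request to host.php.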
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Alex Howansky |
