Is there anyway to prevent session variables from being overwritten by a get string?

I'm wanting to use sessions for security/login, but I'm finding that I can bypass this 
very easily. For example, I want to hide menu items based on security level, so I use 
something like this:

if ($HTTP_SESSION_VARS["sess_auth"] > 2) { print "<BR><A HREF=/control/newsed.php>News 
Editor"; };

which works, however, it can be bypassed if someone just enters the value in the url 
like so:

is there any way around this using sessions?  Is there a far more suitable method?


Jason Bell

Reply via email to