I've a php session with the following variables initiated:
$_SESSION["multi-buy"] = 0;
$_SESSION["basket"] = array();
The characteristics of the session and variables are:
- Only these two variables are stored in the session
- No personal information will go into it - no log-ins, phone nos, addresses, etc.
- No user access given to input directly into the variables
- An integrity check applied before populating a cart _upload command for Paypal
- No additional vars added server/client side
- "multi-buy" will be over-written, checked via if n = integer and n > 1 then discount_cart = x; and only output when creating the cart _upload command
- It's all served over https
- Nothing will be stored in a database (the website is databaseless) so it'll be destroyed when the session expires
- All financial and personal data will be dealt with on the Paypal hosted buy now screen.
So my questions are:
- Is the session in need of additional security over and above an integrity check on output and what's intrinsic to sessions?
- Is there a vulnurability that's nothing to do with the information as such, but instead with something replacing the session variable with malicious executable code?
