People are using a FireFox editing program to change the value of cookies and forge things on my site. How do I make it so they cannot do this?
yes they can be forged but not if you save session id's in a database, then check if the session is a valid one.
I am having some problems creating the sessions. I used this session_start(); $_SESSION['score'] = $score Code (markup): And then on another page I used if(isset($_SESSION['score'])) { echo $_SESSION['score']; } else { echo 'Error'; } Code (markup): It just displays Error for some reason. What am I doing wrong? Do you have to use session_start(); on the same page you are attempting to display $_SESSION['score']?
That is what I was going to suggest. You can use mcrypt to handle the encryption. There are free php classes which allow you to easily use mcrypt. Thanks
Stop storing information in cookies.. just store a key that is linked to the information in a session table.. = impossible to alter values.