Hi,
I read a lot of documents about security and about using setState/getState to store user-related content.
I know it’s a very bad idea to store passwords in this place. And what about the user roles?
Today I was debugging my application and found this in the session part of the debugger:
3debece294c8f768ebbabcd0f53a973a__states array
(
'admin' => true
)
Will another person be able to change something to get a higher access level in my application?
Thanks!
Almir