Security and Yii::app()->user->getState('xxxxx')


I read a lot of documents about security and about using setState/getState to store user-related content.

I know it’s a very bad idea to store passwords in this place. But what about the user roles?

Today I was debugging my application and found this in the session part of the debugger:

3debece294c8f768ebbabcd0f53a973a__states	array
    'admin' => true


Will another person be able to change something to get a higher access level in my application?