Security and Yii::app()->user->getState('xxxxx')

Hi,

I read a lot of documents about security and about using setState/getState to store user-related content.

I know it’s a very bad idea to store passwords in this place. And what about the user roles?

Today I was debugging my application and found this in the session part of the debugger:


3debece294c8f768ebbabcd0f53a973a__states	array
(
    'admin' => true
)



Will another person be able to change something to get a higher access level in my application?

Thanks!

Almir