I am developing a wordpress plugin which needs to pass big data over ajax. And then a php file will process those data and finally php will force to download a file based on those data. But when I try to pass those data via ajax , force download does not work. when I use hidden iframe for force browser to download file via ajax , then I could not pass those big data , becuase it passes data via url .
So I have decide that , I will store those data in a php session .
But my question is, if I create a session with those data it will be accessible from frontend. So it might be a big security issue .
So , how can I get rid of from this ??
Is it really dangerous for security? or not? is there any other way if its really dangerous?
Note that : this plugin reads all of data from database , and my big data are those data. so it will be so dangerous if it is seen from frontend .
I think you need to be a little more specific with your question. WordPress doesn’t use any session variables in it’s core operations. If you add the functionality of using sessions in your plugin, it would simply be as secure, or insecure, as you make it in your code. [For instance, are you using HTTPS?] It really isn’t related to WordPress at all! Normally, a web client would not have access to the session data, only be able to pass the session ID to your code. Cookies would be exposed to the web client. What your code exposes to a client baring a particular session ID, that’s up to you.