Is it secure to store the session_id received from php in PlayerPrefs?

Is there any other more secure way?

 

PlayerPrefs depending on the platform is just stored in clear text in a file, or stored in clear text in the Windows Registry.

Literally any form of encryption or obfuscation would inherently be more secure, since you're comparing to no security.

 

Thanks for your answer. Is there any secure way to encrypt that variable even if someone get access to the code with reverse engineering?

 

Well the file or registry location is in a standard location, so there is no reverse engineering needed to find the data. There is also no way to prevent someone from going through your executable and figuring out how to decode whatever you save. All you can do is increase the skill level or time investment required to do so. There is no such thing as an entirely secure way to save data on the client using code you've placed on the client.

I'd suggest researching the topic of local encryption for more information on the issues, as this isn't really a game specific topic.

 

No one has asked what you're trying to achieve. Why are you storing the session_id in PlayerPrefs?

 

What's the point of encrypting session_id?
It's not a secret, it's easily accessible in a browser like any other cookie, because it's meant to be sent as plain text anyway.

All security related to sessions should be server-side only. Don't trust the client.

 

I'd like to store it anywhere on the client machine in order to avoid him to re enter his credentials each time he open the game.

Yes, if the client server is compromised, all cookies are vulnerable. Hence I don't know if I'm trying to solve a problem "out of my jurisdiction".