I've been using sessions for my website login but don't actually seem to be able to get my head round the data and content of it!
For example ... if I'm using a session that holds the username of the member, which is used to identify and check access and who is logged in, then what do we need to do with that username data, as surely it isn't secure from hackers gaining access if it is in text form?
I've heard a lot that passwords should not be stored in them, which I haven't done, but I am worried that having a simple username session isn't going to protect my members area or the members account area.
Is it worth setting multiple sessions with, say, the DOB/username/and a random number that is saved into the database to identify the user?
What should I be setting in my session, and what is the chance, if I only use the username, that someone will be able to hack it or at least gain access by pretending to be the authenticated session?
Hope this makes sense? lol