I was just curious to know exactly how safe is session control, respectively? I have an index page which sets a session variable if the user logs in with the correct information. Then at the beginning of pages which I want to be for "authorized users only" I put something like this at the top...
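<?php
session_start();
// session_is_registered() was removed in PHP 5.4; check $_SESSION directly.
if (isset($_SESSION["valid_user"]))
{
    // Logged in: render the normal page header.
    include ("header.php");
}
else
{
    // Not logged in: show the notice and stop before any protected content.
    echo "<h1>Access Denied</h1>";
    echo "<h3>You are currently not logged in</h3><br>";
    echo "<a href=\"index.php\">Return to Login Page</a><br>";
    exit;
}
?>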
Now I guess the question would be, since this seems to work, how secure is this method of security I'm using? I'm not using encryption at all. Is there some way to view the source of these PHP files through the browser? I want to make sure that someone doesn't help themselves to database passwords. Also, is it possible to sneak around sessions if you happen to know the session's variable name? I'm not looking for bulletproof security or anything, but I'd just like to know if the method I'm using has obviously huge security holes.
Also, is there a way to randomly generate URLs, or encrypt the URLs using PHP?
Thanks!
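
A hardened form of the page guard in the post above, as an added example that is not part of the original post: session data stays on the server and the browser holds only the session ID, so the work is in protecting that ID and failing closed. The function names, the `last_seen` key and the 30-minute idle limit are assumptions, and the `secure` cookie flag assumes the site is served over HTTPS (the array form of `session_set_cookie_params` needs PHP 7.3 or later).

```php
<?php
// auth_guard.php: added example; names and the idle limit are assumptions.
declare(strict_types=1);

const IDLE_LIMIT_SECONDS = 1800; // assumed 30-minute idle timeout

function start_secure_session(): void
{
    // Refuse session IDs the server did not issue (limits session fixation).
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1'); // never accept the ID from the URL
    session_set_cookie_params([
        'httponly' => true,  // cookie is not readable from JavaScript
        'secure'   => true,  // cookie is sent over HTTPS only
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Login page: call start_secure_session() first, then call this once,
// right after the password check succeeds.
function mark_logged_in(string $username): void
{
    session_regenerate_id(true); // issue a new ID and delete the old session
    $_SESSION['valid_user'] = $username;
    $_SESSION['last_seen']  = time();
}

// Protected pages: call this first, before any output or include.
function require_login(): void
{
    start_secure_session();
    $user  = $_SESSION['valid_user'] ?? null;
    $seen  = $_SESSION['last_seen'] ?? 0;
    $fresh = is_int($seen) && (time() - $seen) <= IDLE_LIMIT_SECONDS;

    if (!is_string($user) || $user === '' || !$fresh) {
        $_SESSION = [];
        session_destroy(); // drop stale or incomplete session state
        http_response_code(403);
        echo '<h1>Access Denied</h1>';
        echo '<a href="index.php">Return to Login Page</a>';
        exit;
    }
    $_SESSION['last_seen'] = time(); // slide the idle window forward
}
```

Database credentials are better kept in a file outside the web root and loaded with `require`, so a misconfigured server that stops executing PHP cannot serve them as plain text.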