I wonder how secure the sites that are using session variables are.
I have a form with a username and a password. When I submit, the username and password are matched against the username and password in a database. If they match, I set a session variable with the user id. And then I display the information from the database for the user with that user id.
I think this is a very common solution. But how secure is it really? Is it easy for common people or hackers to get through this?
Thanks
// Mattis