I can see where enabling track vars in php.ini is bad practice, and I'm getting to the point where I am starting to transfer sensitive data via a form and $_SERVER['PHP_SELF'], and by retrieving through a URL via www.somehost.com/index.php?id=7 and other sensitive variables.

Is there a better way to do this? I want to move to sessions but I haven't found a tutorial on sessions that I understand...

Thanks,
Doug
