I am creating a login page and once I validate a login id I was wondering if it is safe to use a session variable to remember the person so they can access the whole site while there browser is open.
see http://us2.php.net/manual/en/ref.session.php in PHP manual, and this link: http://www.acros.si/papers/session_fixation.pdf.
HTH, -Tom.
