I'm using session to keep a user loged on. There username is sent to all pages, I'm woundering if a attacker can a false session with a false username and gain access to my site. ATM everything runs off if (isset(session[username])) {. Can I increase security without going overboard
