Welcome to WebmasterWorld Guest from 18.104.22.168
All help taken.
Oh yes am running apache on FC6 if it makes any difference and will have about 60 users in total.
With php you can combine SSL and session management to:
Using php or some other scripting language opens up the possiblities tremendously, and you can tighten up security by a significant degree.
Then there's copious real-world examples in the php scripting forum & its library.
Also absorb all you can on security: good practices for validating user input, preventing cross-site and sql injection attacks. I learned a lot from this:
Some of it's a bit hard to follow - your eyes start to glaze over - but if you go back and read it again after chewing on it awhile, it makes more and more sense. Since your first objective with sessions is security, you might actually want to first skim through that article quickly, ignore what you don't understand right off the bat, then go read the session stuff at php.net.