Quick Question on PHP Sessions

I know that there are built-in security measures for PHP's sessions, but is it ($_SESSION array) secure enough to use as storage for authentication data (i.e.
PHP Code:
$_SESSION["login"] = "logged_in" 
and test
PHP Code:
(isset($_SESSION["login"]) && ($_SESSION["login"] == 'logged_in')) 
if the user is logged in or not)? Is it also secure enough to handle sensitive information such as credit card numbers? What other security measures can I use to preserve the integrity of the data as it is used across the sessions variable?

Also, I read somewhere that scripts should make sure that the $_POST data actually came from the same form it was sent from; what are your opinions regarding doing this? I was thinking of using IP address comparison, but how about those with dynamic IPs? Thanks!
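An added example, not part of the original post: one way to check that $_POST data came from your own form without comparing IP addresses is a random token stored in $_SESSION and echoed into the form. The function names, the `form_token` field and the demo password are hypothetical or constructed, and the cookie settings assume the site is served over HTTPS on PHP 7.3 or later.

```php
<?php
// Added example, not from the original post. Function names and the
// "form_token" field are hypothetical; the demo password is constructed.

function start_session(): void {
    // Keep the session ID cookie away from scripts and plain HTTP.
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    session_start();
}

function issue_form_token(): string {
    // One random token per session, stored server-side in $_SESSION.
    if (empty($_SESSION['form_token'])) {
        $_SESSION['form_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['form_token'];
}

function check_form_token(array $post): bool {
    $expected = $_SESSION['form_token'] ?? '';
    $given = $post['form_token'] ?? '';
    // hash_equals() compares in constant time; reject missing or non-string input.
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

function is_logged_in(): bool {
    return isset($_SESSION['login']) && $_SESSION['login'] === 'logged_in';
}

start_session();
// Constructed stand-in for a password hash loaded from your user store.
$demoHash = password_hash('constructed-demo-password', PASSWORD_DEFAULT);

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!check_form_token($_POST)) {
        http_response_code(403);
        exit('Form token missing or wrong.');
    }
    $password = $_POST['password'] ?? '';
    if (is_string($password) && password_verify($password, $demoHash)) {
        session_regenerate_id(true);      // new session ID at login (session fixation)
        $_SESSION['login'] = 'logged_in'; // same flag the post uses
    }
}

$token = htmlspecialchars(issue_form_token(), ENT_QUOTES);
echo is_logged_in() ? '<p>Logged in.</p>' : '<p>Not logged in.</p>';
echo '<form method="post"><input type="hidden" name="form_token" value="' . $token . '">'
   . '<input type="password" name="password"><button>Log in</button></form>';
```

Because the token lives in the session rather than being tied to an address, users whose IP changes between requests are not locked out.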

 

 

 

 
