In this chapter you have been exposed to every feature that PHP's session capabilities have to offer. Session support is the foundation of any e-commerce application, and mastering it is critical to your success as a PHP developer. You should now be well on your way to developing session-enabled PHP scripts.
As is almost always the case, with great power and flexibility comes great responsibility. Although sessions are a thousand times more secure than attempting to store sensitive information on a client machine, they are by no means perfect. A malicious user could use a number of methods to hijack a visitor's session. In fact, in the end, there will never be a foolproof method of securing such an inherently insecure protocol as HTTP. As a developer, you must always be aware of these security consequences and always ask how much damage a malicious user could do by successfully hijacking another user's session. For a bank, this is a serious concern because the malicious user could then transfer another person's money into his or her own account. For your basic message forum, however, the possibility that one user could post a message to the forum as another user is not nearly as significant.