Quote from Fahad Pervaiz <fahad.pervaiz@xxxxxxxxx>: "To ensure best security use database as well. Store IP, Session ID, username, login time. After every few minutes you can re authenticate the user against these parameters." I have a login system with sessions and a database where I store session ID, username and what kind of user they are (like admin, moderator of regular member). This I check every time a page is refreshed. Is this secure enough?
