Frustrated with the session support that PHP has built in? Maybe it doesn't quite work or isn't secure enough for you and your site's needs? Well, DevArticles.com might have just the answer you're looking for.
In "Security and Sessions in PHP", the author steps you through creating a custom session handler for your site, complete with a database backend and login security for your users. The unique ID for each user becomes the gUID instead of the normal session identifier that's passed between the pages, and the rest of the data is stored in the database table and pulled out to cookies as needed. They even include a block of code that will allow you to check on each page load that the user is really logged in and should be there. Otherwise, it dumps them back to the login page.
They give some suggestions as to how to expand upon this small script, including adding security levels and setting an "auto-expire" date for the session. One thing that would have been nice for them to mention, though, is that, unless you encrypt the data in the cookie, you might want to be sure you don't put important data into it - like usernames and passwords.
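
The per-page check and "auto-expire" idea described above, as an added example that is not the DevArticles code: the cookie carries only a random ID, while the user record and expiry stay in the database. The table layout, function names, the 30-minute lifetime and the in-memory SQLite database (PDO with pdo_sqlite) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: only a hash of the cookie value is stored server-side,
// next to the user id and the expiry time. No username or password in the cookie.
function init_schema(PDO $db): void {
    $db->exec('CREATE TABLE sessions (
        id_hash TEXT PRIMARY KEY,
        user_id INTEGER NOT NULL,
        expires_at INTEGER NOT NULL
    )');
}

// Called after a successful login; returns the opaque value to place in the cookie,
// e.g. setcookie('sid', $id, ['httponly' => true, 'secure' => true, 'samesite' => 'Lax']).
function start_session(PDO $db, int $userId, int $ttl = 1800): string {
    $id = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    $stmt = $db->prepare('INSERT INTO sessions (id_hash, user_id, expires_at) VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $id), $userId, time() + $ttl]);
    return $id;
}

// Per-page check: returns the user id, or null when the caller should redirect to login.
function current_user_id(PDO $db, ?string $cookieValue): ?int {
    if ($cookieValue === null || !preg_match('/\A[0-9a-f]{32}\z/', $cookieValue)) {
        return null; // missing or malformed ID
    }
    $idHash = hash('sha256', $cookieValue);
    $stmt = $db->prepare('SELECT user_id, expires_at FROM sessions WHERE id_hash = ?');
    $stmt->execute([$idHash]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown ID
    }
    if ((int) $row['expires_at'] < time()) {
        $db->prepare('DELETE FROM sessions WHERE id_hash = ?')->execute([$idHash]);
        return null; // expired: drop the row
    }
    return (int) $row['user_id'];
}

// Constructed demo on an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
init_schema($db);
$cookie = start_session($db, 42);
var_dump(current_user_id($db, $cookie));             // freshly created session
var_dump(current_user_id($db, str_repeat('0', 32))); // well-formed but unknown ID
var_dump(current_user_id($db, null));                // no cookie sent
```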




