Sessions can be used for more robust information management between the user and our web application. By using cookies to transmit a session ID and having PHP manage all the data associated with that session ID, we can associate arbitrary and complicated data with a visit. However, the session ID's flexibility also makes it a target for attackers who look for vulnerabilities in session code, and we must try to make their lives as difficult as possible.
In the next chapter, we will look at user authentication. We will first investigate some solutions that various platforms (such as the Apache HTTP Server and existing plug-ins) give us and then see how we would write our own platform using sessions.