@legendxNov 25.2006 — #You're probably thinking of cookies. It's next to impossible to change the information stored in $_SESSION['User']['Id'] since the data is on the server, but someone could steal the session id which is stored on the browser (in COOKIE form or in part of the URL). The result of this is that someone could impersonate you by somehow getting your session id, pasteing it into their web browser, and go to your website before the session expires.
I don't really think it is a security risk. I compare it to someone stealing your password. It's gonna happen, but is it really your fault, or the users?
@NeoNmaNauthorNov 27.2006 — #Okay, it's becures i think i will make the nice website whit no risk to be hack'et easy ? and i have make user logins whit Session all my time ? bot i think it's be easy to hack so i ask to be sure ?