I am building an online store for my company. Customer are able to buy one of our products from our website where we charge there credit card. We have purchased and installed an SSL cert on the server through our ISP. What I am wondering is that I store the credit card, expiration date and CVV code in a session variable to transfer to the script that sends the information to the merchant gateway. My question is, that if all this is happening on the secure https pages, how much risk is there of session hijacking and someone getting a customers CC information?