Thanks in advance for reading my question.
I've created a web application but I'm worried about security. Right now I am using PHP Session values as the sole means of securing my site, and I know that session can be spoofed and that this is not fully secure.
More specifically, when a user logs in their user ID is stored as a session variable and then each page that requires authentication checks to make sure that the session variable is set, and if it is the program then it calls the user ID via the session variable to display that user's data.
Obviously this is not very secure... what steps should I take to make this a much more secure system?