PHP's support for sessions make adding "state" to your web application super easy. Bus because the illusion of state is maintained by storing a Session ID via a user's cookies, you might find yourself losing potentially productive hours chasing down bizarre client side bugs or opening up a potential security hole. Here are 4 tips to help you avoid wasting your time and securing your site.

Items on the list are:

• Don't use underscores in host names
• Commit your sessions before redirects
• Prevent session fixation (great security tip!)
• Don't expose session_id's