会话足够安全(如果使用得当)，您所做的事情在 99% 的时间里都没有问题.但是，您还可以查看其他内容，例如 cookies，它们的工作方式类似于会话，但存储在用户计算机上并在特定日期到期.Cookie 很酷，因为它们在浏览器关闭时不会过期，因此请注意您在其中存储的内容.另一件需要考虑的事情是 SSL.如果您担心安全性，您可以使用 SSL 证书保护会话数据.您可以做的另一件事是使用 Apache 或其他工具密码保护整个目录您正在使用的服务器.

Sessions are secure enough (if used properly), what your doing will be fine for 99% of the time. However, there are other things you can look into, like cookies, which work like sessions but are stored on the users computer and expire at a certain date. Cookies are cool because they don't expire when the browser is closed, so be careful what you store in them. Another thing to consider is SSL. If security is your concern you can secure session data with an SSL certificate. Another thing you could do is password protect an entire directory with Apache or whatever server you're using.