I was browsing around the web trying to find info on secure php login scripts, what makes them secure, and what are it’s vulnerabilities. I was only able to find one good source of info, but it is from 2004. 
Any info that will point me in the right direction is greatly appreciated
BTW, here’s the info I found:
This is a short explanation why I have chosen these authentication methods.
Users with shell access to the web server can scan valid session id’s if the default /tmp directory is used to store the session data.
The protection against this kind of attack is the IP check.
Somebody who has a site (on a shared host with you) can generate valid session for your site.
This is why the checkSession method is used and the session id is recorded in the database.
Somebody may sniff network traffic and catch the cookie.
The IP check should eliminate this problem too.
