Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
store your data in the database and not the session. the only login information you should store in the session is user_id and any other generic user data such as user_name. You should not create a session that is meant to last for a long period of time it is bad for security and data integrity.