For example:
User John logs in - $_SESSION['idnum'] = 123
User Craig has idnum 994
John modifies his SESSION['idnum'] to show 994
John posts a thread, and OH NO, it looks like Craig just insulted user Jimmy!
Possible?
p.s. If someone wants to explain to me how sessions work, I'd be grateful. I've been treating them as if they're perfectly secure, and I'm pretty sure they're not.