May 24th, 2003, 10:06 PM
#1
The site http://www.owasp.org/ I have bookmarked, very interesting, indeed I found it mentioned in the 3rd one down in the list of top ten
"Broken Account and Session Management"
Very interesting and answers a lot of my questions. I have been working with sessions now for a few days, and seem to have gotten my login system working, and last night found a way to log out a user by first unsetting all session data, destroying the session, and calling my custom-made garbage collector for my own session save handler.
Making my own session save handler was a bit of a task but I mainly modified what I saw on php.net
Thank you Juridian for those two articles which I will be reading tonight.
And once again to nebulus200.
EDIT: I have completed reading Part one - http://www.securityfocus.com/infocus/1688 and it has given me some ideas to strengthen my login security that I have overlooked, such as encouraging strong passwords, expiring old passwords and the use of password reminders or secret questions.
Thank you for these links.