PHP - Sessions for keeping track of Logged In - Security???
Posted on 2011-09-29
I have been reading up on PHP Session Fixation and Hijacking. I have built a small PHP script to do logins to protect a members-only area. Basically, once a user has successfully logged in (verification done in a MySQL database), I set a session variable that says logged in is true and another session variable for access level.
At the top of my pages I use:
$_SESSION['init'] = true;
Do I need to do anything else to help prevent session hijacking/fixation?
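
One way to harden the login flow described in the question against fixation and cookie theft, as an added example that is not part of the original post. It assumes PHP 7.3 or later and an HTTPS site; the function names, the `logged_in`, `access_level` and `last_seen` keys, the `/login.php` path and the timeout value are hypothetical, and higher access levels are assumed to mean more privilege.

```php
<?php
const IDLE_TIMEOUT = 1800; // seconds of inactivity before re-login (assumed value)

// Call at the top of every page instead of a bare session_start().
function start_secure_session(): void
{
    // Refuse session IDs the server did not issue, and IDs passed in URLs.
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();

    // Drop sessions that have been idle too long, and retire their ID.
    $last = $_SESSION['last_seen'] ?? null;
    if ($last !== null && time() - $last > IDLE_TIMEOUT) {
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['last_seen'] = time();
}

// Call once, right after the database check has accepted the credentials.
function on_login_success(int $accessLevel): void
{
    // New ID at the privilege change: an ID planted before login becomes useless.
    session_regenerate_id(true);
    $_SESSION['init'] = true;
    $_SESSION['logged_in'] = true;
    $_SESSION['access_level'] = $accessLevel;
}

// Call on every members-only page, after start_secure_session().
function require_login(int $minLevel = 0): void
{
    $level = $_SESSION['access_level'] ?? -1;
    if (empty($_SESSION['logged_in']) || $level < $minLevel) {
        header('Location: /login.php'); // hypothetical login page
        exit;
    }
}
```

Regenerating the ID only when `init` is unset would rotate it on the first visit but not at login, which is the moment fixation depends on; the example rotates it at login and again on idle expiry.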