Protect session integrity rigorously. Pay attention to the information you give out in your URL query strings and forms; attackers will analyze those details when formulating an attack. Trap and log invalid data that an attacker might input while probing your system for a weakness, so the probing shows up in your logs before it succeeds. Associating a session with the client's IP address makes things tougher for a hijacker: a stolen session ID presented from a different address can be rejected and the session revoked. Dial-up proxies and optimizers complicate this strategy, because a user's address can change mid-session, but the first few octets of the address stay constant even with AOL, so comparing only that prefix keeps the check workable without locking out legitimate users. Let your users log off, and terminate idle sessions after 15 minutes.
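The following is an added example, not code from the original article, showing the controls above in one small server-side session store: unpredictable session tokens, the session bound to the client's address prefix at login, an explicit logoff, a 15-minute idle timeout, and logging of unknown tokens, address mismatches and malformed form input. Binding to a /16 prefix (rather than the full address) is an assumption made here to tolerate the dial-up proxy hops the article mentions; the clock is injectable so the timeout can be exercised without waiting.

```python
import ipaddress
import logging
import re
import secrets
import time
from dataclasses import dataclass

IDLE_TIMEOUT = 15 * 60  # seconds: the article's 15-minute idle limit

log = logging.getLogger("session")


@dataclass
class Session:
    user: str
    network: ipaddress.IPv4Network   # address prefix bound at login (assumed /16, IPv4)
    last_seen: float                 # last validated request, from the store's clock


class SessionStore:
    """In-memory session store; a real deployment would back this with a database."""

    def __init__(self, prefix_len=16, idle_timeout=IDLE_TIMEOUT, clock=time.time):
        self._sessions = {}
        self.prefix_len = prefix_len      # assumption: leading two octets stay constant
        self.idle_timeout = idle_timeout
        self.clock = clock                # injectable for testing

    def _network(self, ip):
        # Collapse the client address to its prefix, e.g. 172.16.5.9 -> 172.16.0.0/16
        return ipaddress.ip_network(f"{ip}/{self.prefix_len}", strict=False)

    def login(self, user, client_ip):
        # 32 random bytes from the OS CSPRNG; not derived from user, time or counter
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, self._network(client_ip), self.clock())
        return token

    def validate(self, token, client_ip):
        """Return the username if the token is valid from this client, else None."""
        sess = self._sessions.get(token)
        if sess is None:
            # Unknown tokens are what a guessing or replaying attacker produces; log them
            log.warning("unknown session token from %s (prefix %r)", client_ip, token[:8])
            return None
        now = self.clock()
        if now - sess.last_seen > self.idle_timeout:
            log.info("session for %s idle-expired", sess.user)
            del self._sessions[token]
            return None
        if self._network(client_ip) != sess.network:
            # Same token, different network: treat as hijack and revoke the session
            log.warning("session for %s presented from %s but bound to %s; revoked",
                        sess.user, client_ip, sess.network)
            del self._sessions[token]
            return None
        sess.last_seen = now
        return sess.user

    def logoff(self, token):
        """Explicit logoff; returns True if a session was actually removed."""
        return self._sessions.pop(token, None) is not None


def check_field(name, value, pattern, client_ip):
    """Trap and log form or query-string input that does not match what the page expects.

    `pattern` is a full-match regex for the field; anything else is logged with the
    client address and rejected rather than silently passed on.
    """
    if re.fullmatch(pattern, value) is None:
        log.warning("invalid %s from %s: %r", name, client_ip, value[:64])
        return False
    return True
```

Usage: call `login` once the password check succeeds, `validate` on every subsequent request (it refreshes the idle timer), and `logoff` from the logout handler. Because the token is the only thing that identifies the session, it must travel in a cookie over HTTPS rather than in the query string, which is exactly the kind of URL detail the article warns about giving away.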