Validating Sessions/Users

[devxtec]

I'm wondering what everyone uses for validating logged in sessions. Do you simply check for a variable to be defined in the session such as $_SESSION['username']? Do you set the IP of the user in the session and check against it upon form submissions? Really just curious as to what you all do for validating your sessions as I'm a bit undecided at this point at how I want to handle session validation. However I end up validating the session it needs to be consistent for all users and also provide little room for external factors. For instance a remote users IP address can be spoofed so I wouldn't want to solely validate on that. What would you consider secure for Enterprise level? This is more a discussion of practice I suppose.

 

Anyway I'm looking forward to responses.