The recently formed PHP Security Consortium has an excellent set of links to PHP security articles. The session management articles by Chris Shiflett are excellent. They discuss how session stealing can occur, and the different techniques you can use to minimize the risk.
ADOdb comes with a session management library. I will look into implementing a session_regenerate_id() equivalent function that improves session security (hopefully this month). Perhaps during Chinese New Year, which is a week-long holiday in Malaysia.