I have a website where I store a ID from a database table in a session variable. That ID in turn gives access to private data to each user. Now my question is, how easy is it to steal or tamper with a session cookie (I use SSL on the site). II would think if a PC had spyware on it, then all cookies, including the session cookie, could be stolen, but apart from that situation, how hard is it to break into someone elses data?
Thanks
Gid