PHP session var enough for user auth?

Question

Scenario:

• After a user has logged in, a session variable is set confirming their login.
• At the top of every page, login session variable is confirmed vali

Answer 1

As of 15 November, the two answers I have received do not address my question, which was

"Is this [a single session variable] a strong enough security measure by itself?"

This question says yes, but there seems to be some dissension. Here is a summary of the various results:

1) A single session variable is not enough security since a session can be hijacked fairly easily.

2) Since this can occur, no session is truly safe, but it can be made safer with the addition of a fingerprint. This ensures a unique, repeat-able check each time a session needs validation. @zerkms recommends a hash of User-Agent and a few others (refer to his code).

3) Salting the fingerprint is mostly useless since it obscures the data but is replicated on every client machine, therefore losing its unique-ness.

4) A database solution is useless since it is a client-side problem.

Not the definitive answer I was looking for, but I suppose it will have to do, for lack of anything better.

Reading that has helped/confused me further:

Session hijacking and PHP

Is HTTPS the only defense against Session Hijacking in an open network?