in reply to Re^3: Perl/Cookie and data transmission
in thread Perl/Cookie and data transmission
Thanks for your help.
I switched the system around a little and instead of storing the session ID in a cookie, I'm passing it through the URL instead. Access-wise, everything is working fine.
I was wondering if anyone had any tips on beefing up the security. I know having the SID in plain sight isn't the safest thing in the world, but I've also taken a few minor steps in keeping it secure.
The creation of my SID is a very reliable, random process. So I think I've done well there. I'm also checking the user's IP against the person who originally logged in. (I know this can be troublesome with proxies and whatnot, and I also know it's possible to spoof an IP rather easily in a browser.)
So with that said... Any security suggestions would be great.
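A sketch of the setup described in this post, added here as an example and not the poster's code: a SID drawn from `/dev/urandom`, stored with the login IP, and checked on each request that carries it in the URL. The sub names, the in-memory `%sessions` store, the idle timeout and the sample addresses are all assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# In-memory session store for the demo (assumption); a real CGI script
# needs a file or database that survives between requests.
my %sessions;

# Draw 16 bytes from the kernel CSPRNG and hex-encode them (32 chars).
sub new_sid {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $got = read $fh, my $buf, 16;
    close $fh;
    die "short read from urandom" unless defined $got && $got == 16;
    return unpack 'H*', $buf;
}

# Record the login IP and the time alongside the new SID.
sub create_session {
    my ($user, $ip) = @_;
    my $sid = new_sid();
    $sessions{$sid} = { user => $user, ip => $ip, seen => time };
    return $sid;
}

# Validate the SID taken from the URL: well-formed, known, not idle for
# too long (hypothetical extra check), and sent from the login IP.
sub check_session {
    my ($sid, $ip, $max_idle) = @_;
    return unless defined $sid && $sid =~ /\A[0-9a-f]{32}\z/;
    my $s = $sessions{$sid} or return;
    if (time - $s->{seen} > $max_idle or $s->{ip} ne $ip) {
        delete $sessions{$sid};    # any mismatch forces a fresh login
        return;
    }
    $s->{seen} = time;
    return $s->{user};
}

# Constructed sample values (documentation IP ranges).
my $sid = create_session('alice', '192.0.2.10');
print "same IP:  ", (check_session($sid, '192.0.2.10', 900) // 'rejected'), "\n";
print "other IP: ", (check_session($sid, '198.51.100.7', 900) // 'rejected'), "\n";
print "replayed: ", (check_session($sid, '192.0.2.10', 900) // 'rejected'), "\n";
```

The third call is rejected because the mismatching request already invalidated the session, so a SID that leaked from the URL stops working after its first use from another address.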