Session security in PHP and things to look out for

This has been asked a bunch of times. Curious if you believe the code below provides a significant level of security. Are there other if's I should think about?

A few assumptions:
- If the user does nothing for 5 seconds, log him out.
- If the user is not coming from somepage.php, log him out.
- If the user's IP address changes, log him out.

Code below:
    <?php
    session_start();
    $time = time();
    // PHP superglobals are upper-case: $_SERVER and $_SESSION
    $ip = $_SERVER['REMOTE_ADDR'];

    if ($time - $_SESSION['time'] > 5) {
        // function log out user...
        // echo "logged out,time";
    } elseif ($ip !== $_SESSION['ip']) {
        // function log out user...
        // echo "logged out,ip";
    } elseif ($_SERVER['HTTP_REFERER'] !== "http://server.com/somepage.php") {
        // function log out user...
        // echo "logged out,refer";
    } else {
        // do sensitive stuff
    }

    // note: these run on every request, including the logged-out branches above
    $_SESSION['time'] = $time;
    $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
    ?>
Edit:

This is basic stuff in a "sensitive" area, maybe not on the Facebook level. I don't want what shouldn't be there. If it did happen there would be problems, but nuclear missiles would not be launched.

The 5 seconds is just an example for testing; it will be longer.

Bryan, if $_SERVER can be spoofed, are there better methods to ascertain the user's source IP?
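As an added example (not the poster's code, and not from any answer on this page), here is how the same three ideas can be written with the checks separated from the PHP runtime so they can be exercised outside a web server. It keeps the idle timeout and the IP binding, treats the Referer header as a soft check because the browser sends it and may omit or alter it, and adds a per-session CSRF token as the authoritative "came from somepage.php" check, plus session-ID regeneration at login and an absolute session lifetime. The timeout values, the `https://server.com/somepage.php` URL, the `/login.php` redirect target, and the `csrf` form field name are assumptions for illustration; `REMOTE_ADDR` is filled in by the web server from the TCP connection rather than from a client-controlled header, so it is the proxy's address when a reverse proxy sits in front of PHP.

```php
<?php
declare(strict_types=1);

// Added example, not the code from the question. Values below are assumptions.
const IDLE_LIMIT     = 300;        // seconds idle before logout (5 s in the post was for testing)
const ABSOLUTE_LIMIT = 8 * 3600;   // hard cap on session age regardless of activity
const SOMEPAGE_URL   = 'https://server.com/somepage.php';  // host name taken from the post

/**
 * Validate the stored session against the current request.
 * Returns null if the request may proceed, otherwise a short logout reason.
 * Takes copies of $_SESSION / $_SERVER so it can be tested without a web server.
 */
function session_check(array $session, array $server, int $now, string $submittedToken): ?string
{
    foreach (['time', 'created', 'ip', 'csrf'] as $key) {
        if (!isset($session[$key])) {
            return 'no-session';       // first request or never logged in
        }
    }
    if ($now - $session['time'] > IDLE_LIMIT) {
        return 'idle-timeout';
    }
    if ($now - $session['created'] > ABSOLUTE_LIMIT) {
        return 'absolute-timeout';
    }
    // REMOTE_ADDR is set by the server from the TCP peer, not from a header the
    // client controls. Behind a reverse proxy it is the proxy's address; only
    // then consult X-Forwarded-For, and only the value that proxy appended.
    if ($session['ip'] !== ($server['REMOTE_ADDR'] ?? '')) {
        return 'ip-changed';
    }
    // Referer is supplied by the browser and may be missing or stripped
    // (privacy settings, Referrer-Policy), so it is only a soft check here.
    $referer = $server['HTTP_REFERER'] ?? '';
    if ($referer !== '' && strpos($referer, SOMEPAGE_URL) !== 0) {
        return 'bad-referer';
    }
    // Authoritative "came from our page" check: the form on somepage.php carries
    // the per-session token and the request must echo it back (constant-time compare).
    if (!hash_equals($session['csrf'], $submittedToken)) {
        return 'bad-csrf-token';
    }
    return null;
}

/** Initialise a fresh session after successful authentication. */
function start_user_session(int $userId): void
{
    session_regenerate_id(true);       // discard any pre-login (possibly fixated) session ID
    $_SESSION = [
        'user'    => $userId,
        'created' => time(),
        'time'    => time(),
        'ip'      => $_SERVER['REMOTE_ADDR'] ?? '',
        'csrf'    => bin2hex(random_bytes(32)),   // token to embed in the somepage.php form
    ];
}

/** Destroy the session server-side and expire the cookie in the browser. */
function logout_user(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// --- request handling (array form of session_set_cookie_params needs PHP 7.3+) ---
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,      // cookie only sent over HTTPS
    'httponly' => true,      // not readable from JavaScript
    'samesite' => 'Strict',  // not sent on cross-site requests
]);
session_start();

$reason = session_check($_SESSION, $_SERVER, time(), (string)($_POST['csrf'] ?? ''));
if ($reason !== null) {
    logout_user();
    header('Location: /login.php?reason=' . urlencode($reason));   // assumed login page
    exit;
}
$_SESSION['time'] = time();   // refresh the idle timer only for a request that passed
// do sensitive stuff
```

Because `session_check()` only reads arrays and an explicit `$now`, each branch can be driven from a plain PHP script (hand-built `$session`/`$server` arrays with a stale `time`, a different `REMOTE_ADDR`, a wrong token) without starting a real session. In the original snippet the `$_SESSION['time']` and `$_SESSION['ip']` assignments run even on the logged-out branches; here they are only reached after a request has passed every check.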