While I was reading about session hijacking articles, i learned that it would be nice to encrypt session id value that is stored in a cookie.
As far as I know, when I s
Unfortunately encrypting the session ID is not going to increase security much, as the attacker can just use the encrypted form (which is the only thing visible to them anyways).
The only thing this might prevent is the trick where you send someone a link with ?PHPSESSID=foo in it, which will cause PHP to create that session. You can prevent that by using encryption and validation, but you should rather turn off session ID transfer in the URL completely.