How to encrypt session id in cookie?

春和景丽 2021-02-06 05:43

While I was reading articles about session hijacking, I learned that it would be nice to encrypt the session id value that is stored in a cookie.

As far as I know, when I s

8 Answers
  •  被撕碎了的回忆
    2021-02-06 06:14

    It's always a good idea to never depend solely on one cookie or item to validate your (logged in) user(s). As mentioned above, it's a good idea to also store the IP and check with that. A good addition would be to store the USER_AGENT.

    Bear in mind that if your application is open sourced, you're just as good with a session id alone because the hacker could easily identify what it is you're validating against.
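
An added example, not part of the answer above or of the original page: one way to implement the check the answer describes, binding a server-side session to the client IP and User-Agent seen at login. The names `SessionStore`, `create`, `validate` and `demo`, the in-memory store and the sample addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class SessionStore:
    """In-memory session store (assumed for illustration) that binds each
    session id to the client IP and User-Agent recorded at login."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # per-process secret for the digest
        self._sessions = {}                  # session id -> (user, fingerprint)

    def _fingerprint(self, ip, user_agent):
        # Length-prefix each field so ("1.2", "3x") and ("1.23", "x") differ.
        # A keyed digest keeps a fixed-size value instead of raw client data.
        fields = (ip.encode(), user_agent.encode())
        msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def create(self, user, ip, user_agent):
        sid = secrets.token_urlsafe(32)  # unguessable value sent in the cookie
        self._sessions[sid] = (user, self._fingerprint(ip, user_agent))
        return sid

    def validate(self, sid, ip, user_agent):
        """Return the user for a matching request, else None."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, expected = entry
        if not hmac.compare_digest(expected, self._fingerprint(ip, user_agent)):
            # Valid cookie presented by a different client: drop the session
            # so the stolen id is useless and the user has to log in again.
            del self._sessions[sid]
            return None
        return user


def demo():
    # Constructed sample requests (documentation address ranges).
    store = SessionStore()
    sid = store.create("alice", "203.0.113.10", "Mozilla/5.0 (sample-A)")
    same_client = store.validate(sid, "203.0.113.10", "Mozilla/5.0 (sample-A)")
    other_ip = store.validate(sid, "198.51.100.7", "Mozilla/5.0 (sample-A)")
    after_drop = store.validate(sid, "203.0.113.10", "Mozilla/5.0 (sample-A)")
    return same_client, other_ip, after_drop


if __name__ == "__main__":
    print(demo())
```

Both bound values are weak signals: the User-Agent is a header the client chooses, and a legitimate user's IP can change mid-session, so a mismatch here forces a new login rather than proving an attack.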
