How to encrypt session id in cookie?

春和景丽 2021-02-06 05:43

While I was reading about session hijacking articles, I learned that it would be nice to encrypt the session id value that is stored in a cookie.

As far as I know, when I s

8 answers
  •  旧时难觅i
    2021-02-06 06:20

    The session ID is relatively unguessable, so that's not really the issue.

    There are a few things you can do related to this to counteract attacks:

    • create a new session when a user signs in
    • limit the length of a session

    There are quite a few other things as well. I always recommend studying the Rails Guide on these issues-- it offers a very accessible explanation of known problems and countermeasures-- all equally applicable to PHP code.
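
The two countermeasures listed in the answer above, sketched in PHP as an added example that is not part of the original answer. The function names, the timeout values and the `created_at` / `last_seen` session keys are assumptions chosen for illustration.

```php
<?php
// Added example: timeouts and names below are illustrative assumptions.
const IDLE_TIMEOUT     = 900;    // assumed: 15 minutes without a request
const ABSOLUTE_TIMEOUT = 28800;  // assumed: 8 hours maximum session age

function start_secure_session(): void
{
    // Must run before session_start().
    ini_set('session.use_strict_mode', '1'); // reject IDs the server never issued
    session_set_cookie_params([
        'lifetime' => 0,        // cookie dropped when the browser closes
        'path'     => '/',
        'secure'   => true,     // only sent over HTTPS
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();

    // Limit the length of a session: enforce both timeouts server-side,
    // because the cookie lifetime is under the client's control.
    $now      = time();
    $created  = $_SESSION['created_at'] ?? $now;
    $lastSeen = $_SESSION['last_seen']  ?? $now;
    if ($now - $created > ABSOLUTE_TIMEOUT || $now - $lastSeen > IDLE_TIMEOUT) {
        $_SESSION = [];               // drop the expired session's data
        session_regenerate_id(true);  // issue a new ID, delete the old one
    }
    $_SESSION['created_at'] = $_SESSION['created_at'] ?? $now;
    $_SESSION['last_seen']  = $now;
}

function on_login_success(int $userId): void
{
    // Create a new session when a user signs in: any ID known before
    // authentication (fixed or captured) stops being valid here.
    session_regenerate_id(true);
    $now = time();
    $_SESSION = [
        'user_id'    => $userId,
        'created_at' => $now,
        'last_seen'  => $now,
    ];
}
```

Call `start_secure_session()` at the top of every request and `on_login_success()` only after the credentials have been verified.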
