I've looked everywhere and haven't found a clear step by step tutorial on how to secure sessions/cookies. Here are snippets of my code, i'd like to know how i can improve on session security to prevent fixation/hijacking and cookie safety. This is snippets of code for the user login system.

login.php

if ($username==$dbusername&&$hashed_password==$dbpassword)
                   {

                        setcookie('username[0]',$username,time()+(60*60*24*365));
                        setcookie('username[1]',$userid,time()+(60*60*24*365));

                        if($admin=='1') {
                            $_SESSION['admin'] = 1;
                        }   

                        $_SESSION['logged-in'] = 1;

                       header( 'Location: ' . $return );


                   }

logout.php

$time = time()-(60*60*24*365);

setcookie('username[0]', '',$time);
setcookie('username[1]', '',$time);
unset($_COOKIE['username']); 
unset($_SESSION['logged-in']);
unset($_SESSION['admin']);

I call session_regenerate_id() on everypage, is that correct to stop session fixation/hijacking?

session_start(); session_regenerate_id(true);

php.ini

session.use_trans_sid = 0
session.user_only_cookies = 1

Can you please tell me what i should do to improve on this? Examples would help greatly.

One obvious issue, is that you are storing the username and userid in the cookie. Are you sure that is necessary? Personally, I'd use a generated code, also stored in the user table, so you can use that to determine who it is.