I have been reading lots about the use of cookies and session IDs but keep thinking I'm missing something. I currently set cookies when users log in and add things like the user's database ID or email so I can retrieve their details when needed, and for forms, but I don't use cookies for much else.

Do I need to think about using the session ID to improve site security, or to serialise calls to PHP and/or the database?

I'm also confused by the use of the session ID. I've read that you can tie the session ID to a user's IP address to reduce the risk of cookie hijacking, but is the session ID reset every time you state session_start(), which of course must be declared for the use of cookies?

If you can help, I'd be grateful.

EvolutionFallen commented: Excellent question, wondered about this a lot myself. +4

All 2 Replies

Excellent article. Many thanks
