I have been reading lots about the use of cookies and session id's but keep thinking i'm missing something. I currently set cookies when users login and add things like the users database id or email so I can retrieve their details when needed, and for forms, but I don't use cookies for much else.

Do I need to think about using the session ID to improve site security, or to serialise calls to PHP and/or the database?

I'm also confused by the use of the session ID. I've read that you can tie the session id to a users IP address to reduce the risk of cookie hijacking, but is the session id reset everytime you state session_start(), which of course must be delared for the use of cookies?

If you can help, I'd be grateful.

EvolutionFallen commented: Excellent question, wondered about this a lot myself. +4