I have been reading lots about the use of cookies and session IDs but keep thinking I'm missing something. I currently set cookies when users log in and add things like the user's database ID or email so I can retrieve their details when needed, and for forms, but I don't use cookies for much else.

Do I need to think about using the session ID to improve site security, or to serialise calls to PHP and/or the database?

I'm also confused by the use of the session ID. I've read that you can tie the session ID to a user's IP address to reduce the risk of cookie hijacking, but is the session ID reset every time you state session_start(), which of course must be declared for the use of cookies?

If you can help, I'd be grateful.

Excellent question, wondered about this a lot myself.
5 Years
Discussion Span
Last Post by Thorby68