I am thinking of using this code on every page to reduce the possibility of session hijacking by renewing the session ID on every request:
if (!empty($_SESSION)) {
    session_start();
}
Another way to achieve this would be to do this:
if (!empty($_SESSION)) {
    // true: also delete the data stored under the old session ID
    session_regenerate_id(true);
}
However, I heard criticisms of that function that say that if the page is refreshed too fast for some reason, the session id becomes invalid.
Another way to use the session id is to have more control over how a session is generated.
There are other ways to achieve this. What's the best practice?
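One way to handle the fast-refresh problem described above is to rotate the ID on a timer and keep the replaced ID valid for a short grace window. This is an added example, not code from the original post; the function names, the session keys and both time constants are assumptions.

```php
<?php
// Added example; names and time values below are assumptions.
const ROTATE_AFTER = 900; // seconds between scheduled ID rotations
const GRACE_PERIOD = 30;  // seconds a replaced ID is still accepted

function app_session_start(): void
{
    // Strict mode: refuse session IDs the server never issued.
    ini_set('session.use_strict_mode', '1');
    session_start();

    if (isset($_SESSION['replaced_at'])) {
        if (time() - $_SESSION['replaced_at'] <= GRACE_PERIOD) {
            // Late request that still carries the old ID (fast refresh,
            // parallel requests): serve it, but do not rotate again.
            return;
        }
        // A long-replaced ID is being presented: discard everything
        // tied to it, delete its storage and issue a fresh ID.
        $_SESSION = [];
        session_regenerate_id(true);
    }

    $_SESSION['rotated_at'] ??= time();
    if (time() - $_SESSION['rotated_at'] >= ROTATE_AFTER) {
        app_session_rotate();
    }
}

function app_session_rotate(): void
{
    // The marker is saved into the OLD session when the ID changes.
    $_SESSION['replaced_at'] = time();
    // false: keep the old data so in-flight requests still resolve.
    session_regenerate_id(false);
    // The new session carries no marker and a fresh rotation time.
    unset($_SESSION['replaced_at']);
    $_SESSION['rotated_at'] = time();
}

app_session_start();
```

Calling `app_session_rotate()` right after login or any other privilege change, in addition to the timer, gives the authenticated session an ID that was never used before authentication.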
Instead of generating session IDs, why don’t you encrypt and use the already generated one? It can be used and destroyed when the intended action is complete.