When an user creates an account, he is given an user id from the

Question

0

Asked: June 12, 20262026-06-12T09:23:34+00:00 2026-06-12T09:23:34+00:00

When an user creates an account, he is given an user id from the

0

When an user creates an account, he is given an user id from the database that is unique and auto-incremented. So the first user has the user id of 1, the second user created has the user id of 2, and so on. I’m using PHP sessions to store the user id when they are signed in so that they stayed signed in. After reading several articles, I get the point that you never want PHP sessions to be as vulnerable as I have made it (It’s easy for a hacker to determine what the php session user id is of each user. So my question is, If I was to use md5 or blowfish based on their unique username to generate an user id for each user, will that make PHP sessions secure?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-12T09:23:35+00:00

Editorial Team

2026-06-12T09:23:35+00:00Added an answer on June 12, 2026 at 9:23 am

A good approach would always be to at the login screen and immediately post login to force a new session id generated using random numbers

session_start();
$newsessid = somerandomnumberfunction();
session_id($newsessid);

you can also use session_regenerate_id() function to generate a new id

session_start();
session_regenerate_id();

Good Read

PHP Session Security

PHP Security Guide: Sessions

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

When an user creates an account, he is given an user id from the

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply