regenerating session id

Question

I am thinking of using this code on every page to reduce the possibility of session hijacking. By renewing the session_id on every request

if(!empty($_sessio         


        

Answer 1

Calling session_regenerate_id on every page is an unnescessary overhead.

You should only be calling it at the point of login or any time you re-authorize a user.

If you want additionally you could store the last regenerated time in a session and then call session_regenerate_id after say 30 minutes, but there's definetly no need for this to be done on every page.