regenerating session id

Question

I am thinking of using this code on every page to reduce the possibility of session hijacking. By renewing the session_id on every request

if(!empty($_sessio         


        

Answer 1

Best practise is to use SSL (and apply the usual defences against other security attack vectors such as XSS and SQL injection). Cycling session ids is just begging for race conditions.