PHP session fixation example and fixes

礼貌的吻别 2021-01-14 02:29

My question is about this summary on session fixation:

  • Alice has an account at the bank http://unsafe.com/. Unfortunately, Alice is not very security savvy.

4 answers
  •  既然无缘
    2021-01-14 03:33

    If you use session_regenerate_id() every time a user logs in, you will prevent session fixation. As the user logs in, their fixated session ID will be regenerated, thus stopping the attack.
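
A login handler that applies the regeneration described in the answer above, as an added example that is not part of the original answer. The `login()` helper, the `$users` array and the sample credentials are constructed for illustration, and the `ini_set()` and cookie settings are additional hardening the answer does not mention.

```php
<?php
declare(strict_types=1);

// Only accept session IDs this server issued, and only from cookies (never the URL).
ini_set('session.use_strict_mode', '1');
ini_set('session.use_only_cookies', '1');
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);

// Constructed sample account store (hypothetical; a real application queries its database).
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

/**
 * Hypothetical helper: authenticate and bind the user to a fresh session ID.
 */
function login(array $users, string $name, string $password): bool
{
    $hash = $users[$name] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false; // failed login: nothing is written to the session
    }

    // Issue a new ID and delete the old session record (true), so an ID that was
    // known before login never refers to the authenticated session.
    session_regenerate_id(true);
    $_SESSION['user'] = $name;
    return true;
}

session_start();
$before = session_id();                      // ID in use before authentication
$ok     = login($users, 'alice', 'correct horse');
$after  = session_id();                      // ID after a successful login

// Output only after the session calls, so headers can still be sent.
if ($ok && $before !== $after) {
    echo "logged in as {$_SESSION['user']}, session ID rotated\n";
} else {
    echo "login failed, session unchanged\n";
}
```

The same rotation belongs at any other privilege change, such as logout or a role switch, so the pre-change ID is never valid afterwards.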
