Hey all!
I’m using sessions on a new site of mine and I’ve noticed a possible issue while studying my database.
If a user logs in and logs out, and then someone logs in from the same IP address later on, the second login seems to get the same session ID as the first login. This seems like a security risk – it seems like the session ID is easily guessable.
Am I making some kind of mistake (do I need to use session_destroy on logout?) or is this expected behaviour? If this is normal, then is it a security risk? If it is a risk, is there a way for me to set the session id manually?
Thanks!
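An added example, not part of the original post: PHP keeps using a session ID for as long as the browser presents the same session cookie, so a logout that leaves the cookie and the stored session in place hands the next login the same ID. The sketch below issues a fresh ID at login and removes both the server-side record and the cookie at logout. It assumes PHP 7.3 or later, an HTTPS site, and the default cookie-based session handling; the function names are hypothetical.

```php
<?php
// Added example. start_secure_session(), login_user() and logout_user()
// are hypothetical helper names, not part of any framework.

function start_secure_session(): void
{
    // Strict mode makes PHP reject an ID it did not issue itself
    // (for example a stale or attacker-chosen one) and generate a new one.
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'lifetime' => 0,      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,   // assumption: the site is served over HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login_user(int $userId): void
{
    // Issue a new ID at the privilege change; passing true deletes the
    // old session record, so the pre-login ID stops working.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

function logout_user(): void
{
    // 1. Clear the data held in this request.
    $_SESSION = [];

    // 2. Expire the session cookie, using the same path and domain it
    //    was set with so the browser actually drops it.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
        ]);
    }

    // 3. Remove the server-side session record.
    session_destroy();
}
```

Letting PHP generate the ID through `session_regenerate_id()` is safer than choosing one by hand with `session_id()`, because a hand-picked value is only as unpredictable as the code that produced it.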