I use the sessions for login system:
$_SESSION['id'] = $result['id'];
I only save id on session and i use session_regenerate_id()
on top of all page, this method is secure?
And i use session_regenerate_id()
on top of all page, but the people can change the session and set any id?