I have built my first login system. The user enters a username and password and they are given a session id with their username and id.
This username and id are then used to customize the pages they see.
Every user's username and id are basically public information, but the session id is only made by the system when they log in.
QUESTION:
What are the security risks of using a session id here, where the contents are basically public but to get the session id you have to log in?
Can someone fake the session id from the public id and username of someone else, since that is all a session id contains here? Is this easy to do?
Are there any common things to make it safer?