I have seen many scripts mixing sessions, with cookies and having two session names, the username or ID and the session ID.
Is this secure?:
if ($this->login($username, $password))
{
// everything works..
$_SESSION['name'] = $username;
}
Why do you need to generate a new Session ID? Why mix cookies with it? and what are the best ways to do it to prevent most of the attacks?