I need some help understanding how to encrypt a session id to prevent someone from figuring it out. How is a session id encrypted from step 1. What are all the commands?
Encryption is NOT something done by PHP. I don't think you should have any problem with someone stealing a session from another user - each is specific to one browser and are usually hexidecimal numbers I think.
