Hey, I'm implementing a captcha system and what it does is MD5 your session ID and use that as a filename to containt the captcha image. My question is, what is the point of MD5 encrypting the session ID when the ID is readily available in javascript in the PHPSESSID variable?
Because Javascript doesn't need to know the filename? Because the session id could contain characters that aren't suitable for a filename? Probably other reasons I can't think of at the moment.
Without understanding exactly what's going on, I'm not sure why you'd necessarily even need a file for the captcha. Ignoring that for now, I can't think of any particular reason you'd gain anything by the md5, but again, I don't know the details.
if seen it used in some older scripts in an attempt to prevent session hijacking.. however this practice was never popular and proved in effective.. there isn't any true reason for doing it.
