I am bulding a user registration and login system and need some advice around storing session ids and validating user credentials...etc.
Once I have gone through the standard username and password validation, I generate a session id using the users id, email address and time of login + the users ip address.
The session id is then stored in the database and a $_SESSION is created with this as the value. The last login time is also stored in the database.
So when I go to validate the login on different pages, I can take the session id, last login time and current session ip address and re-generate the session id to see if it matches.
The only issue is that this would mean a user can only login once on a single browser as logging in again on a different browser would make the first session invalid.
My question is: do you think this is a good way of validating logins and if not, can you advise on something better.
Is there any pressing reason you aren't just calling session_start() and using the PHP's internal session hancling schema?
I am doing that as well. So I call a session then rebuild it using the uses up address as a unique live identifier.