ginerjm

When you use the word 'session', are you talking strictly about the actual PHP Session or just some data items that you are using to identify the user? If I understand it correctly, a PHP Session is destroyed (soon) after the browser is closed. If you are simply worried about any ids contained in that session, they will go away soon, as said. If you are talking about some other info that is contained elsewhere then you need to perhaps store the session id in that db entry so that you can tell if a user returns but doesn't have the same session id anymore. Of course it none of what you are writing about is at all related to the PHP Session, then let's start this conversation over and tell us what you are really doing.

Since, as I understand it, session data is stored on the server, and in order for a hacker to get to it he would first have to have the id, how does using a static id (set in your 'secure' function) make it more difficult to hack the session data what with everyone running with the exact same id?

Close, but no cigar. Only post the code in the box, not your text. And try and isolate your problem to the relevant code and only give us that much. Is "start_secure_session" something that you have written? I don't find it in the manual is why I ask. Does it return a value that s/b checked?