January 4th, 2003, 10:09 PM
#1
Junior Member
Http Session security
I am making a website which uses sessions. When someone logs in the following happens:
1. A random session id is generated and placed in the cookie
2. The session id is also placed in a database along with the IP of the user, the username of the user and the time this session was created
Now this is what happens on every page that needs logging in:
1. The session id in the cookie is checked to match the session id in the database and the IP of the user is checked to match the IP in the database. If any don't match, the user is asked to log in.
Is this secure? How can I make it more secure? I know that if the user is on an insecure Ethernet LAN his session can get hijacked. How can I fix this?
Thank you all
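The login and per-page check described in the post above, sketched as an added example that is not part of the original post or the poster's code. Assumptions: an in-memory dict stands in for the database, the function names and the 30-minute `SESSION_TTL` are hypothetical (the post stores a creation time but names no limit), and the site is served over HTTPS so the `Secure` cookie attribute keeps the id off plain-HTTP links such as the LAN the post mentions.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 30 * 60  # assumed lifetime in seconds; not a value from the post

# Stand-in for the database table: session id -> ip, username, creation time
sessions = {}

def login(username, ip, now=None):
    """Steps 1 and 2 of the post: random id, stored with ip, username and time."""
    sid = secrets.token_urlsafe(32)  # 32 bytes from the OS CSPRNG, not a guessable counter
    created = time.time() if now is None else now
    sessions[sid] = {"ip": ip, "username": username, "created": created}
    return sid

def session_cookie(sid):
    """Set-Cookie value: Secure keeps it off plain HTTP, HttpOnly hides it from scripts."""
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["secure"] = True
    cookie["sid"]["httponly"] = True
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()

def check(cookie_header, ip, now=None):
    """Per-page check: returns the username, or None when the user must log in."""
    now = time.time() if now is None else now
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    if "sid" not in cookie:
        return None
    sid = cookie["sid"].value
    record = sessions.get(sid)
    if record is None:
        return None  # unknown or already-expired id
    if now - record["created"] > SESSION_TTL:
        del sessions[sid]  # use the stored creation time to retire old ids
        return None
    if record["ip"] != ip:
        return None  # id presented from a different address than at login
    return record["username"]

if __name__ == "__main__":
    sid = login("alice", "192.0.2.10")  # constructed sample user and address
    print(session_cookie(sid))
    print(check("sid=" + sid, "192.0.2.10"))    # same address: accepted
    print(check("sid=" + sid, "198.51.100.7"))  # other address: rejected
```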