When developing applications or just creating a general website with the use of sessions, many developers do not think about securing session hijacking attacks. For further information I recommend searching google, however I have produced a small function to be called immediately after session_start().
your_page.php:
<?php
session_start();
include_once 'session_secure.inc.php';
session_secure();
?>
session_secure.inc.php :
<?php
function session_secure(){
$alph =array('A','a','B','b','C','c','D','d','E',
'e','F','f','G','g','H','h','I','i','J','K','k',
'L','l','M','m','N','n','O','o','P','p','Q','q',
'R','r','S','s','T','t','U','u','V','v','W','w',
'X','x','Y','y','Z','z');
for($i=0;$i<rand(10,20);$i++){
$tmp[] =$alph[rand(0,count($alph))];
$tmp[] =rand(0,9);
}
return implode("",shuffle($tmp));
}
?>
There are quicker ways like md5(time()*rand()), however the function above is completely random, and will render an attackers hijacking task almost impossible.