When an user creates an account, he is given an user id from the database that is unique and auto-incremented. So the first user has the user id of 1, the second user created has the user id of 2, and so on. I'm using PHP sessions to store the user id when they are signed in so that they stayed signed in. After reading several articles, I get the point that you never want PHP sessions to be as vulnerable as I have made it (It's easy for a hacker to determine what the php session user id is of each user. So my question is, If I was to use md5 or blowfish based on their unique username to generate an user id for each user, will that make PHP sessions secure?
A good approach would always be to at the login screen and immediately post login to force a new session id generated using random numbers
session_start();
$newsessid = somerandomnumberfunction();
session_id($newsessid);
you can also use session_regenerate_id() function to generate a new id
session_start();
session_regenerate_id();
Good Read