How can session_id() be effectively used in a PHP login system to ensure session security?

To ensure session security in a PHP login system, session_id() can be used to generate a unique session ID for each user session. This helps prevent session hijacking and ensures that each user has a unique identifier for their session.

// Start the session
session_start();

// Generate a unique session ID
$session_id = session_id();

// Set the session ID as a cookie
setcookie('PHPSESSID', $session_id, 0, '/');

// Use the session ID to store user data
$_SESSION['user_id'] = $user_id;

// Verify the session ID on each page load
if ($_COOKIE['PHPSESSID'] !== $session_id) {
    // Invalid session ID, log the user out
    session_destroy();
    header('Location: login.php');
    exit;
}