halfer / php-tutorial-text

The chapter text for the "I ♥ PHP" project

Security improvements to session handling #2

Closed halfer closed 10 years ago

halfer commented 10 years ago

As it stands, there is no session identifier regeneration at log-on, and I think this could be improved. The code adjustment would be minor (one line) and can probably be explained just in comments -- I wonder if explaining it in the text also would be pitching at the wrong level for beginners.

This paper looks like relevant reading. Also this question and particularly this answer to it.

Comments/suggestions welcome.

halfer commented 10 years ago

A (code) fix for this is now available in the versions chooser (v4). If no issues are spotted with it, I'll make it the default version.

I added some comments to explain the session rotation - I've not explained it in the text, to avoid swamping the user.
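To show what the session rotation discussed in the opening comment and shipped as v4 above looks like in context, here is an added example of a minimal log-in and log-out handler in PHP. It is not code from the php-tutorial-text repository; the function names (`startSecureSession`, `login`, `logout`, `demoUserStore`), the in-memory user store and its password are constructed for illustration, and the cookie and strict-mode settings around the one-line `session_regenerate_id(true)` fix are the defensive defaults a practitioner would pair with it.

```php
<?php
// Added example (not the project's own code): a minimal log-in handler that
// rotates the session identifier at the moment the user's privilege level
// changes. The function names, the user store and its password are constructed.

declare(strict_types=1);

// Constructed user store: one account whose hash is produced at runtime so the
// example stays self-contained. A real application reads this from a database.
function demoUserStore(): array
{
    return [
        'alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
    ];
}

function startSecureSession(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // Cookie-only session IDs: never accept an ID from the URL, reject IDs the
    // server did not issue (strict mode), and keep the cookie out of reach of
    // script (HttpOnly) and off plain HTTP (Secure).
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

/**
 * Attempt a log-in. Returns true on success, false on bad credentials.
 */
function login(string $username, string $password): bool
{
    startSecureSession();
    $users = demoUserStore();

    if (!isset($users[$username]) || !password_verify($password, $users[$username])) {
        return false;
    }

    // The one-line fix discussed in the issue: discard the pre-authentication
    // session ID and issue a fresh one, so an ID that was handed out (or seen)
    // before log-in never becomes an authenticated one. The `true` argument
    // deletes the old session data immediately rather than leaving it on disk.
    session_regenerate_id(true);

    $_SESSION['user'] = $username;
    $_SESSION['authenticated_at'] = time();
    return true;
}

function logout(): void
{
    startSecureSession();
    $_SESSION = [];
    // Rotate again on log-out so the now-unauthenticated ID cannot be re-used,
    // then destroy the session entirely.
    session_regenerate_id(true);
    session_destroy();
}
```

The regeneration call is deliberately placed after the credential check and before anything is written to `$_SESSION`, so the authenticated state only ever lives under an identifier the server minted at that moment; calling it before the check would rotate the ID on every failed attempt for no benefit. Pairing it with `session.use_strict_mode` means an unknown ID presented by the browser is discarded and replaced rather than adopted, which closes the same class of problem from the other direction.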

halfer commented 10 years ago

All done.