User ID, session data and security

[eluser]pickupman[/eluser]
Welcome to the forums. As LuckyFella73 mentioned, using the [url="http://ellislab.com/codeigniter/user-guide/libraries/sessions.html"]DB[/url] will be more secure than a storing in a cookie. The only thing in a users session is the encrypted session id. The only downside is the small additional load that places on the DB. You can encrypt your cookie information as well. One thing I have seen implemented in some auth libraries is storing a random integer offset for a user id. Say a user id is 7 and a random integer is 13, you could save their user id in the session/cookie as 91 (7*13). That way no one could really know their user ID.