Issue Tracking Sessions

Thanks Kenjis,
Oh dear! I really do not want to touch CI core!!
Just one idea, (note I never use session id in  post/get) and this is where my knowledge is lacking!
If I set the $sessionTimeToUpdate equal to $sessionExpiration, this means session id will not regenerate for the lifetime of the users active session?
I create a database table "active_users" that stores my users unique user id (not login username) and their session id.
For every login, I check my active_user table for my users unique id:

• if present, delete that row and delete session by id.
  
• if not present, start new session and record session id and unique user id in table.
  

Additionall, create filter to match users current session id with "active_users" value, and, check if session data is empty, before every controller.
Therefore:

• If session data is empty (inform user session expired - delete appropriate "active_users" row and delete session by id - return to login view),
  
• If session does not exist on table (inform user alrready logged out - return to login view)
  
• If session id's do not match (inform user multiple logins - delete appropriate "active_users" row and delete session by id - return to login view)
  

If all of the above is implemented, I believe sessions could not be hijacked, as the hijacker would not have a user id, and if they did somehow manage to start a session, this would not match the filter parameters and they'd be automatically logged out.
Many thanks for your time.