authentication session id

[eluser]Xavier D.[/eluser]
$config['sess_expiration'] = 0;
$config['sess_time_to_update'] = FALSE;

My solutions, keep session persistent and store the session_id in the users database, before you ask for users details, you do a check if the user_id and session_id are corresponding to each other.

true -> returns user_id
false -> returns 0 and user gets logged out.

seems like the only solution.