Sessions (CodeIgniter)

I'm trying to implement a sort of favorites list that lasts with the session. Currently I have my sessions stored in the DB and favorites are stored in a separate table with the session_id of the user. My questions are:

How reliable are these session id values? Although no sensitive data is in these favorites, can other people pass some other session id value and tamper with another user's favorites? (I'm guessing they can but aside from them passing another known session id, how can is it to guess?)

Will a session id always exist? In my library I keep referring to the session id - is it safe to assume that every user has one? (Does PHP/CI automatically create one of those that don't pass any?)

Thanks in advance!


In application/config/config.php, under "Session Variables" is a boolean value called sess_encrypt_cookie which can obscure the session ID. There are also options to require a matching IP address and user agent. This should make it very difficult for someone to spoof the session ID, even if they know what it is.

Regarding whether a session ID will always exist, if your app starts a session on page load it is safe to assume that there is a session ID. However, it expires after a period of inactivity, so it may not be the same the next time the user visits, meaning all of your session settings will be lost when they leave.

Hope this helps.
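
The settings this answer refers to, written out as an added example that is not part of the original answer. It assumes the CodeIgniter 2.x key names in application/config/config.php; the values and the encryption key placeholder are constructed.

```php
<?php
// Added example: session-related entries in application/config/config.php
// (CodeIgniter 2.x key names assumed; values are constructed samples).

// Needed before the session cookie can be encrypted. Placeholder only:
// generate a long random value per installation and keep it out of
// version control.
$config['encryption_key'] = 'REPLACE_WITH_RANDOM_KEY';

// Keep session data in the database, as in the question, so the cookie
// only carries the session identifier and its metadata.
$config['sess_use_database'] = TRUE;
$config['sess_table_name']   = 'ci_sessions';

// Encrypt the cookie so the raw session ID is not readable or editable
// on the client side.
$config['sess_encrypt_cookie'] = TRUE;

// Reject a session cookie presented from a different IP address or with
// a different user agent than the one recorded for that session.
// IP matching also ends sessions for visitors whose address changes
// between requests (mobile networks, some proxies).
$config['sess_match_ip']        = TRUE;
$config['sess_match_useragent'] = TRUE;

// Inactivity timeout in seconds. After this, the visitor is issued a new
// session ID, so favorites keyed on the old ID are no longer reachable.
$config['sess_expiration'] = 7200;

// Interval in seconds after which the session ID is regenerated during
// an active visit, which shortens the useful life of a captured ID.
$config['sess_time_to_update'] = 300;
```

Because sess_time_to_update regenerates the ID, a favorites table keyed on session_id needs its rows carried over to the new ID, or the favorites stored as session data instead.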
