I’m looking for a way to protect my php session that contains important information. Using an IP verification is not a good idea for people on the phone. That’s why I thought it might be smart to store a randomly generated key in the session and in a classic cookie. Then every x minutes check that the two keys match.