
Is it safe to store a (hashed) password in a cookie?

Updated: 2023-01-14 10:52:27

Sessions are usually keyed to IP addresses at some level, somewhat preventing session theft.

Beyond that, the session ID doesn't contain any personal information; your password, even salted and hashed, does. Passwords, salted and hashed as they may be, can be reused; session IDs can't. Once the session is over, it's over; you need a new session ID to be able to impersonate the user again.
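
The contrast drawn in the answer above, as an added example that is not part of the original post: a server-side session store whose cookie value is a random ID keyed to the client IP and discarded at logout, next to a password-derived cookie that the server has no way to revoke. The class and function names, the 30-minute timeout and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 1800  # seconds; assumed session lifetime


class SessionStore:
    """Server-side sessions: the cookie carries only a random, revocable ID."""

    def __init__(self):
        self._sessions = {}  # session_id -> (user, client_ip, expires_at)

    def login(self, user, client_ip, now=None):
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)  # no password material, no user data
        self._sessions[sid] = (user, client_ip, now + SESSION_TTL)
        return sid

    def authenticate(self, sid, client_ip, now=None):
        now = time.time() if now is None else now
        record = self._sessions.get(sid)
        if record is None:
            return None  # unknown or already logged-out ID
        user, bound_ip, expires_at = record
        if now >= expires_at:
            del self._sessions[sid]  # expired: the ID is gone for good
            return None
        if bound_ip != client_ip:
            return None  # ID presented from a different address
        return user

    def logout(self, sid):
        self._sessions.pop(sid, None)  # after this the cookie value is worthless


def password_cookie(password, salt):
    """Pattern from the question: cookie value derived from the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()


def check_password_cookie(cookie, stored_hash):
    # Nothing to revoke: the same value is accepted until the password changes.
    return hmac.compare_digest(cookie, stored_hash)
```
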