We’ve all had those moments in designing something where we use some function or variable in a way we lack native comprehension for, and right now I’m doing just that: applying a double md5 on a session ID.
I don’t know why I’m doing this. I know where I got the idea, though: WordPress. I believe it uses a double md5 approach on passwords, unless I’m mistaken.
Anyway, this brings me to the point of this post… Is there any virtue in doing this to a session ID? I’m currently applying this to the variable prior to being submitted to the database and it’s making me wonder if I should apply the md5 on the database rather than in the app, assuming any of this is even worth doing to begin with. I guess the biggest rationale I have for doing it is this idea that somehow it reinforces security.
Thoughts?