I created the login page in chapter 12 and was thinking what if this page was successfully logged in on a public computer and the user didn't log out. Then another person comes along and accesses the login page and successfully logs in. They are now sharing the same session id. I saw the Preventing Session Fixation box and put session_regeneration_id() code in the logged_in.php page after the session check and functions includes. I successfully logged in as two different users using the same same computer and same browser (Firefox) and the two users had the same session id. Am I missing something? THANK YOU!