Additional layer of security when login in (Session variables)

I been thinking on the session variables created on log on page. The default session variable created is the the userID, but that's just a number. could I create an additional session variable such as username to both validate both the userID and username together. i.e. the userID and username must be in the same record for the user to view the page.

My think, if the session variable is stored in a cookie and user PC is compromised (they didn't logout), they may be able to work out the session variables and then they can start sifting the shop database.

Or I'm over thinking a problem that doesn't exist.

you are over complicating it.

the login works like this:

you enter the user name and password to the login form.

the database is queried to look for a record with the username and password you enter. If the username and login is found, the ID for that record is stored in a session variable.

so your thinking of storing 2 session variables, wouldn't solve anything, the one session is the result of the 2 values (username and password) being found in the database.

Session Variables are not stored in cookies, they are accessible by the server only. A session is terminated on the following:
User Logs Out
User Closes the web browser ( This includes restarting the computer)
Server Times out - if the user is not active on the site for a certain amount of time, the session is terminated.

Thanks, that was helpful.