Some web frameworks will even sign the cookies that hold the session IDs.

Why might webmasters use signed cookies?

To detect tampering with the session IDTo extend the life of the session ID

You're right! If the magic cookie is signed, a manipulated session will be deactivated and useless to you.

Wouldn't extending the life of a session ID give us more time to hack the website?