Can a user alter the value of $_SESSION in PHP?

Question

this is crossing my mind and I\'m wondering if it is possible, how secure can it be to store info in the $_SESSION variable of PHP?

Answer 1

The $_SESSION is stored entirely on the server, so the user cannot modify it. However, it is possible for session-hijacking exploits where the user gets connected to another user's session.