Can a user alter the value of $_SESSION in PHP?

Question

this is crossing my mind and I\'m wondering if it is possible, how secure can it be to store info in the $_SESSION variable of PHP?

Answer 1

Where as less secure $_COOKIES are on the client computer, the $_SESSION is stored on the server. It's location is determined by the session.save_path of php.ini. However there are still security issues such as session fixation