The contents of the SESSION superglobal cannot be changed. This lives on the server and the client has no way to access this.
However, a session id is passed to the client so that when the client contacts the server the server knows which session to use.
This value could be changed (See Calums answer for preventing this See http://php.net/manual/en/session.security.php for information). Which would allow a user to use someone elses session (but not change the value of the session).
