How secure are PHP sessions?

Question

I\'m primarily a C++ programmer, but I\'m trying to pick up some PHP.

Apparently the way to implement web user sessions is to store the user\'s login ID in a cookie

Answer 1

No, a session is stored on the server and cannot be accessed by the user. It is used to store information across the site such as login sessions.

Here is an example of the usage:

The session can then be accessed across the site to check to see if the user has been authenticated.

The user cannot edit these values however the session's ID is stored on a computer through a cookie as a long random string. If an unauthorized user gains access to these strings it is possible for them to access the site.