When a low-privilege non-administrator user logs into my web app successfully, I am storing the following data in the $_SESSION array:
If you don't provide such access in your script, there isn't much users can do about that. So your session data should be pretty secure. The only thing a user can do is manipulate the session cookie or the session id passed in the URL, but it's unlikely that he will find an existing session id of another user.
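A server-side setup that matches the points in the answer above, as an added example that is not part of the original question or answer: the session id is accepted from the cookie only, it is regenerated at login, and authorization reads only from $_SESSION. The function names and the `user_id` and `role` keys are assumptions, since the page does not show what the asker stores.

```php
<?php
// Added example. Helper names and session keys are hypothetical.
// Requires PHP 7.3+ for the array form of session_set_cookie_params().

function start_hardened_session(): void
{
    // Take the session id from the cookie only, never from the URL.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse session ids that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function on_login_success(int $userId, string $role): void
{
    // Issue a fresh id at the privilege change and delete the old session.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;   // assumed key
    $_SESSION['role']    = $role;     // assumed key
}

function require_role(string $role): void
{
    // The decision uses server-side session data, never request input.
    if (($_SESSION['role'] ?? null) !== $role) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Constructed usage: in a real app these values come from the credential check.
start_hardened_session();
on_login_success(42, 'user');
require_role('user');
```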