when checking for user login, i usually do this like after the user has logged in with the correct username and password, i will set a SESSION or COOKIE variable like 'login' = 1;

so when i check if the user is logged in, i do this:
Code PHP:
if($_SESSION['login'] == "1") {
 print "logged in";

however i began to wonder if this is secure enough? is it possible where people can fake a cookie or session by creating a similar cookie name and value to 1?