Php security qustion, to do with sessions and variables

i have a site which has a lot of if $_SESSION is set conditions, im just wondering, is it possible for the end user to set variables in php aside from what i have hard coded in my .php file? eg if there was a text box on a form can they manipulate it to set $_session[‘id’] = 1?

thank you

If the values are in the file no, once you set them. Afterward it depends. I mean if the
he can find the session file on the server which is inside the temp folder and anyone can write there… you know what happens next. You can always manage this by creating custom session files under the
application’s directory which should be running with fastcgi/cgi as some user and noone else has write access there.