Are there potential security risks associated with using cookies and sessions in PHP for user authentication?

One potential security risk associated with using cookies and sessions in PHP for user authentication is session hijacking. To mitigate this risk, it is important to use secure cookies and implement proper session management techniques such as regenerating session IDs after a successful login or periodically throughout the session.

// Use secure cookies for user authentication
session_set_cookie_params([
    'httponly' => true,
    'samesite' => 'Strict',
    'secure' => true
]);

// Regenerate session ID after successful login
session_regenerate_id(true);