How can PHP developers prevent session hijacking or unauthorized access to user data?

To prevent session hijacking or unauthorized access to user data, PHP developers can use session fixation prevention techniques such as regenerating the session ID after a successful login, setting the session cookie to be secure and HttpOnly, and storing sensitive data in the server-side session variables.

// Regenerate session ID after successful login
session_regenerate_id();

// Set session cookie to be secure and HttpOnly
ini_set('session.cookie_secure', 1);
ini_set('session.cookie_httponly', 1);

// Store sensitive data in server-side session variables
$_SESSION['user_id'] = $user_id;