How can PHP sessions be manipulated through cookies and what measures can be taken to prevent this?

PHP sessions can be manipulated through cookies by modifying the session ID stored in the cookie. To prevent this, you can regenerate the session ID on each page load to make it harder for attackers to guess a valid session ID. This can be done by setting the session.use_strict_mode to true in the PHP configuration.

// Regenerate session ID on each page load
ini_set('session.use_strict_mode', 1);
session_regenerate_id(true);