How can PHP sessions be used to maintain user login status without compromising security?
To maintain user login status without compromising security, PHP sessions can be used to store a unique session ID on the server side while only sending a session cookie to the client side. This session ID can then be used to retrieve user-specific data without exposing sensitive information in the browser.
// Start the session
session_start();
// Check if user is logged in
if(isset($_SESSION['user_id'])){
// User is logged in, perform necessary actions
} else {
// User is not logged in, redirect to login page
header("Location: login.php");
exit();
}