How can PHP sessions be used to maintain user login status without compromising security?

To maintain user login status without compromising security, PHP sessions can be used to store a unique session ID on the server side while only sending a session cookie to the client side. This session ID can then be used to retrieve user-specific data without exposing sensitive information in the browser.

// Start the session
session_start();

// Check if user is logged in
if(isset($_SESSION['user_id'])){
    // User is logged in, perform necessary actions
} else {
    // User is not logged in, redirect to login page
    header("Location: login.php");
    exit();
}