How can session variables be securely managed in PHP to prevent unauthorized access?

Session variables can be securely managed in PHP by using session tokens or cookies with secure settings, validating user input, and implementing proper session handling functions. It is essential to regenerate the session ID after a user logs in or changes privilege levels to prevent session fixation attacks.

// Start the session
session_start();

// Regenerate session ID to prevent session fixation attacks
session_regenerate_id(true);

// Validate user input and set session variables
$_SESSION['user_id'] = validate_input($_POST['user_id']);
$_SESSION['username'] = validate_input($_POST['username']);