What are the best practices for setting and accessing session variables in PHP to maintain user authentication status?

To maintain user authentication status in PHP, it is recommended to set session variables upon successful login and check these variables on subsequent pages to determine if the user is authenticated. It is important to properly secure session data and regenerate session IDs to prevent session fixation attacks.

// Start the session
session_start();

// Set session variables upon successful login
$_SESSION['user_id'] = $user_id;
$_SESSION['logged_in'] = true;

// Check session variables on subsequent pages
if(isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === true) {
    // User is authenticated
} else {
    // Redirect to login page
}