What are the best practices for storing session IDs in PHP?

To securely store session IDs in PHP, it is recommended to use session cookies with the 'HttpOnly' and 'Secure' flags set. This helps prevent session hijacking and cross-site scripting attacks. Additionally, it is important to regenerate the session ID after a user logs in or changes privilege levels to mitigate session fixation attacks.

// Enable secure and HttpOnly flags for session cookies
ini_set('session.cookie_secure', 1);
ini_set('session.cookie_httponly', 1);

// Regenerate session ID after login or privilege change
session_regenerate_id(true);