What are the potential pitfalls of using session variables in PHP for storing data related to user actions?

The main pitfalls of storing user-action data in PHP session variables are security vulnerabilities such as session hijacking and session fixation attacks. To mitigate these risks, regenerate the session ID after a user logs in or performs a sensitive action, and sanitize and validate user input before storing it in session variables.

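// Start the session before using $_SESSION or regenerating the ID
session_start();

// Regenerate session ID after login; true also deletes the old session
session_regenerate_id(true);

// Validate user input before storing in session
// (FILTER_SANITIZE_STRING is deprecated since PHP 8.1; the pattern is an example policy)
$username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => '/^[A-Za-z0-9_]{1,32}$/']]);
if (is_string($username)) { $_SESSION['username'] = $username; }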
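The mitigations above put together as one login flow. This is an added example, not code from the original page; the helper names, the username pattern, and the sample user are assumptions made for illustration, and it goes slightly beyond the text by also setting strict mode and cookie flags.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: start the session with fixation-resistant settings.
function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1');  // reject IDs the server never issued
    ini_set('session.use_only_cookies', '1'); // never accept an ID from the URL
    session_set_cookie_params([
        'secure'   => true,   // assumes the site is served over HTTPS
        'httponly' => true,   // cookie is not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Hypothetical helper: validate the username, verify the password, then
// rotate the session ID before any authenticated state is written.
function login(string $username, string $password, array $users): bool
{
    if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $username)) { // example policy
        return false;
    }
    $hash = $users[$username] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true); // new ID; the pre-login session is deleted
    $_SESSION = ['username' => $username, 'auth_time' => time()];
    return true;
}

// Hypothetical helper: rotate the ID again before a sensitive action.
function before_sensitive_action(): bool
{
    if (empty($_SESSION['username'])) {
        return false; // not authenticated, nothing to protect
    }
    return session_regenerate_id(true);
}

// Constructed demo data: one user with a hashed password.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
start_secure_session();
$before = session_id();
$ok = login('alice', 'correct horse', $users);
printf("login=%s id_rotated=%s\n", $ok ? 'ok' : 'failed', $before !== session_id() ? 'yes' : 'no');
```

An ID planted before login is useless after `login()` returns, because the authenticated state only ever exists under the freshly issued ID.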