What are the potential security risks associated with storing login state in session variables in PHP?

Storing login state in session variables in PHP can lead to security risks such as session hijacking or session fixation attacks. To mitigate these risks, it is recommended to regenerate the session ID upon successful login to prevent session fixation and to use HTTPS to encrypt the session data in transit.

// Regenerate session ID upon successful login
session_regenerate_id(true);