What are the security risks associated with displaying session IDs in URLs?

Displaying session IDs in URLs can expose sensitive information to potential attackers, as they can easily intercept and misuse these session IDs to gain unauthorized access to a user's session. To mitigate this risk, it is recommended to store session IDs in secure HTTP cookies instead of displaying them in URLs.

// Store session ID in a secure HTTP cookie
session_start();
session_regenerate_id();
$_SESSION['user_id'] = 123; // Replace with actual user ID