What potential pitfalls should be considered when handling session data in PHP?

One potential pitfall when handling session data in PHP is session fixation, where an attacker forces a user to use a session ID the attacker already knows. To prevent this, regenerate the session ID whenever the user's privilege level changes or after a successful login.

// Regenerate session ID to prevent session fixation attacks.
// Passing true deletes the old session, so the previous ID can no longer be used.
session_regenerate_id(true);
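The login flow described above, as an added example that is not part of the original answer. The user store, the function names (`demo_users`, `start_session`, `login`, `change_role`) and the sample credentials are constructed for illustration; the extra `session_start()` options are assumptions about a typical hardened setup, not something the answer prescribes.

```php
<?php
declare(strict_types=1);

// Constructed sample user store (hypothetical); a real application queries its database.
function demo_users(): array
{
    return ['alice' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT), 'role' => 'user']];
}

function start_session(): void
{
    session_start([
        'use_strict_mode'  => true,  // refuse session IDs the server did not issue
        'use_only_cookies' => true,  // never accept a session ID from the URL
        'cookie_httponly'  => true,
        'cookie_secure'    => true,
        'cookie_samesite'  => 'Lax',
    ]);
}

function login(string $username, string $password, array $users): bool
{
    $user = $users[$username] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false; // failed login: the session stays anonymous, no state is written
    }
    // Anonymous -> authenticated is a privilege change: issue a fresh ID and
    // delete the old session so an ID planted before login becomes worthless.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
    $_SESSION['role'] = $user['role'];
    return true;
}

function change_role(string $newRole): void
{
    // Any later privilege change (e.g. user -> admin) gets a new ID as well.
    session_regenerate_id(true);
    $_SESSION['role'] = $newRole;
}

// Demonstration with constructed credentials.
start_session();
$idBeforeLogin = session_id();
$loggedIn = login('alice', 'correct horse', demo_users());
$rotated = $loggedIn && session_id() !== $idBeforeLogin;
echo $rotated ? "session ID rotated on login\n" : "login failed or ID not rotated\n";
```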