What potential security risks are involved in not using the true parameter in session_regenerate_id()?

When not using the true parameter in session_regenerate_id(), there is a potential security risk of session fixation attacks. This means that an attacker could potentially hijack a user's session by fixing their own session ID onto the user's session. To mitigate this risk, it is important to use the true parameter in session_regenerate_id() to generate a new session ID and invalidate the old one.

// Start the session
session_start();

// Regenerate session ID with true parameter to prevent session fixation attacks
session_regenerate_id(true);