An Introduction To PHP Sessions
This has a been an often debated point against the use of sessions. The reality is that a session, like any other programming method, will be as secure as you make it. With the advent of session came new ways in which a malicious user could hijack your session and your identity.
It is beyond the scope of this introduction to go in-depth into session security and is left as an exercise to the reader to hunt out resources for session security. An excellent place to begin is this fine article on PHP Session Security, and of course there is always, the PHP manual.