PHP: Is it possible to change a $_SESSION variable client-side?
Original URL: http://stackoverflow.com/questions/6912223/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Is it possible to change a $_SESSION variable client-side?
Asked by George Korac
Possible Duplicate:
PHP Can a client ever set $_SESSION variables?
What I'd like to know is whether a PHP $_SESSION variable can be changed on the client side. If, for example, I do $_SESSION['username'] = $username;
Can someone somehow change the value of my $_SESSION['username'] variable?
Answered by Jim
The contents of the SESSION superglobal cannot be changed. This lives on the server and the client has no way to access this.
However, a session id is passed to the client so that when the client contacts the server the server knows which session to use.
This value could be changed (see Calum's answer for preventing this; see http://php.net/manual/en/session.security.php for information), which would allow a user to use someone else's session (but not change the value of the session).
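An added example, not part of the original answers: one way to set up the session so that the ID cookie described above is harder to fix or steal, while $_SESSION['username'] itself stays on the server. The function names are hypothetical, and the code assumes PHP 7.3 or later, an HTTPS site, and that credentials are checked before login_user() is called.

```php
<?php
// Added example (not from the original answers). Function names are hypothetical.

function start_hardened_session(): void
{
    // Reject session IDs the server did not issue (defeats attacker-chosen IDs).
    ini_set('session.use_strict_mode', '1');
    // Accept the ID from the cookie only, never from the URL.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');

    session_set_cookie_params([
        'lifetime' => 0,       // session cookie, dropped when the browser closes
        'path'     => '/',
        'secure'   => true,    // assumption: the site is served over HTTPS
        'httponly' => true,    // keep the ID out of reach of page JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login_user(string $username): void
{
    // Issue a fresh ID at the privilege change and delete the old session data,
    // so an ID known before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;   // stored server-side only
}

function current_user(): ?string
{
    return $_SESSION['username'] ?? null;
}

start_hardened_session();

if (current_user() === null
    && isset($_POST['username'])
    && is_string($_POST['username'])) {
    // Assumption: the password was verified before this point.
    login_user($_POST['username']);
}

// The browser holds only the opaque ID in $_COOKIE[session_name()];
// the username never leaves the server unless the script prints it.
```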
Answered by Casey Flynn
PHP is a server-side programming language and the $_SESSION superglobal is only directly accessible on the server. With 'normal' PHP sessions, the data contained in the SESSION superglobal is passed back and forth between the browser and the server in a cookie. So technically, it is possible to modify the session with JavaScript in a web browser by modifying the cookie.
But please note, any attempt to do anything like this is probably a terrible idea and there's most likely a far more simple way to accomplish whatever you're trying to do.
Edit: This question I asked may be of use to you: Codeigniter/PHP sessions security question
Answered by elvenbyte
Not exactly, but you can simulate it with AJAX. Just write a PHP file that changes the value, and then call it from AJAX, just to execute it and change that value.
Hope this helps you.