Lets say i have a login system. This system authenticates the user via mysql, when the user is authenticated, i set a session variable to let the system know the user is authenticated. ie. $_SESSION["authenticated"] = true; Lets also say i know that's how the system works, that a session variable within my browser is set to true. Could i do this if i knew all this info and "authenticate" myself by setting the variable from the client side? If it is possible, what can i do to prevent this or increase security?