PHP, as most of us know, has weak typing. What this means is that variable types are determined by context. It’s not always obvious what type a given variable is at any one time. It determines the types of variables and converts them as per requirement.
Most of modern websites are using sessions to control the experience for individual users, and to maintain state between requests (since HTTP is a stateless protocol after all). Sessions are fantastic and incredibly useful, but if managed incorrectly they can expose your website to security vulnerabilities and potentially allow a malicious attacker to gain unauthorized access to user accounts.