security - Bad handling of PHP session variables?


I am currently using the following code in my CMS to check whether the visitor is logged in as admin, so that they can edit the current page:

  if ($_SESSION['admin'] == "1") { echo "<a href='fobar/?update'>Edit</a>"; }

But I worry that the code is unsafe. Can't $_SESSION variables easily be modified by the user?

What would be a safe practice?

No, it's a good way to do this. The user cannot modify the $_SESSION global,

Stay away from client-side cookies.

Remember, to make it even more secure, a better way is to store the IP address and check that it remains the same between each request.
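
The check described in the answer above (an admin flag kept in the session, plus a stored IP address compared on each request), as an added example that is not part of the original post. The function names `mark_admin_login`, `is_admin` and `edit_link` and the sample addresses are assumptions; the session array is passed in as a parameter so the logic also runs outside a web request.

```php
<?php
declare(strict_types=1);

// Call at login, after the password check has succeeded.
function mark_admin_login(array &$session, string $clientIp): void
{
    // In a live request, also call session_regenerate_id(true) here so a
    // session ID issued before login cannot be reused afterwards.
    $session['admin'] = '1';
    $session['ip']    = $clientIp;   // address this session is pinned to
}

// Call on every request before emitting admin-only markup.
function is_admin(array &$session, string $clientIp): bool
{
    $pinned = $session['ip'] ?? null;
    // Strict comparison: a missing key, true, or the integer 1 does not pass.
    if (($session['admin'] ?? null) !== '1' || !is_string($pinned)) {
        return false;
    }
    if ($pinned !== $clientIp) {
        // Address changed between requests: drop the whole session state.
        $session = [];
        return false;
    }
    return true;
}

// Returns the edit link for admins and an empty string for everyone else.
function edit_link(array &$session, string $clientIp): string
{
    return is_admin($session, $clientIp)
        ? '<a href="fobar/?update">Edit</a>'
        : '';
}

// Constructed demo data (documentation addresses from RFC 5737).
// In the CMS, call session_start() first and pass $_SESSION and
// $_SERVER['REMOTE_ADDR'] instead of these sample values.
$session = [];
mark_admin_login($session, '192.0.2.10');
var_dump(edit_link($session, '192.0.2.10'));    // request from the pinned address
var_dump(edit_link($session, '198.51.100.7'));  // request from another address
var_dump(is_admin($session, '192.0.2.10'));     // state after the mismatch
```

Users whose address legitimately changes between requests (mobile networks, some proxies) lose the admin flag under this check and have to log in again.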

