Session Security?

Is it secure to use If ($_SESSION[‘authenticated’] == true) /////Show secure pageCan someone just go and change where the session variable is stored to make their $_SESSION[‘autheticated’]...