<p>If a page checks for the existence of a PHP Session:</p> <pre class="prettyprint"><code>if (isset($_SESSION['secret'])) {...grant access to EVERYTHING!!!} </code></pre> <p>Is it possible / How could I generate <code>$_SESSION['secret']</code> on my machine, in a situation where I don't have access to the page's back-end code? I'm trying to hack into the international space station...</p>

Is it possible to forge a PHP session ID?

If a page checks for the existence of a PHP Session:

if (isset($_SESSION['secret'])) {...grant access to EVERYTHING!!!}

Is it possible / How could I generate $_SESSION['secret'] on my machine, in a situation where I don't have access to the page's back-end code? I'm trying to hack into the international space station...

You cannot. Or well, you can generate a $_SESSION['secret'] on your machine, but it is a different value and you cannot simply put it onto the ISS. You cannot directly alter the $_SESSION superglobal unless there's a bug or security hole in the script that lets you.