(I was looking some tips for php session security but in my total ignorance I miss lot of basic things. I'm doing a very basic web game without login but I need to store session)
If is safe store $_SESSION['logged_in'] = TRUE;
...
Is not safe, then, store userId in session_id like session_id(userId)
when all players knows other users Id? If not, what is the diference?