[eluser]WanWizard[/eluser]
You can tamper with everything, but in this case it's not going to be easy.
If you use the session library without the database, session data is stored in a cookie, client side. If you use the database, no session data is send to the client.
In either case, don't forget to encrypt the cookie, and use an encryption key with enough entropy.