The main issues with $_SESSION are:
- Security in shared hosting environments
- The trans-sid feature placing the session ID in the URL
The alternative is $_COOKIE, which is what $_SESSION is kinda based on. The session saves an identifier as a cookie, and uses that to reference a file.
You can solve the security issue by using your own session handlers to read/write data to a database instead of a file.
You can solve the trans-sid issue by... turning it off.
I'd love to hear what issues you've heard of with $_SESSIONs though, as I find most complaints to be unfounded and ridiculous.