@erlangparasu
Last active February 20, 2017 02:46
; ...
; Security
;
; The Fast Track to Safe and Secure PHP Sessions
; https://paragonie.com/blog/2015/04/fast-track-safe-and-secure-php-sessions
;
; http://www.slideshare.net/mikestowe/intro-to-php-security-12564855/7-All_it_takes_is_one
;
; Note:
; 1. Controlling Incoming Data (.ini file)
; 2. Checking Data Types ($_POST)
; 3. Validating All Incoming Data
; Disable remote file access through PHP's URL stream wrappers (fopen/include of http:// etc.)
allow_url_fopen = 0
allow_url_include = 0
; register_globals was removed in PHP 5.4.0; keep it off on older versions
register_globals = off
; Session cookie: hidden from JavaScript, sent only over HTTPS
session.cookie_httponly = 1
session.cookie_secure = 1
; Session ID generation. These three settings were removed in PHP 7.1.0, which
; uses session.sid_length / session.sid_bits_per_character with a CSPRNG instead
session.entropy_length = 32
session.hash_bits_per_character = 5
session.hash_function = sha256
session.save_handler = files
; Accept the session ID only from the cookie, never from the URL (trans_sid)
session.use_cookies = 1
session.use_only_cookies = 1
zend.script_encoding = UTF8
; *.php
; session_regenerate_id(true);
; filter_var();
; strip_tags();
; htmlentities();
; ...
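The gist's notes applied in a login handler, as an added example that is not part of the gist. It assumes PHP 7.3+ (array form of session_set_cookie_params()), HTTPS, and a constructed single-user store standing in for a database.

```php
<?php
// Added example: validate $_POST with filter_var(), regenerate the session ID on
// login, and escape with htmlentities() on output. Not code from the gist.
declare(strict_types=1);

// Mirror the gist's session settings at runtime for hosts whose php.ini we do not control.
ini_set('session.use_only_cookies', '1');   // never accept a session ID from the URL
ini_set('session.use_strict_mode', '1');    // reject session IDs the server did not issue
session_set_cookie_params([
    'secure'   => true,   // session.cookie_secure = 1 (HTTPS only)
    'httponly' => true,   // session.cookie_httponly = 1 (hidden from JavaScript)
    'samesite' => 'Lax',
]);
session_start();

// Notes 2 and 3 from the gist: type-check and validate every incoming field, reject on failure.
function validateLoginInput(array $post): ?array
{
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $pw    = $post['password'] ?? null;
    if ($email === false || !is_string($pw) || $pw === '' || strlen($pw) > 1024) {
        return null;   // reject rather than "clean up" bad input
    }
    return ['email' => $email, 'password' => $pw];
}

function lookupPasswordHash(string $email): ?string
{
    // Constructed single-user store (assumption); a real handler would query a database.
    $users = ['alice@example.com' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];
    return $users[$email] ?? null;
}

$input = validateLoginInput($_POST);
if ($input === null) {
    http_response_code(400);
    exit('Invalid input');
}
$hash = lookupPasswordHash($input['email']);
if ($hash === null || !password_verify($input['password'], $hash)) {
    http_response_code(401);
    exit('Login failed');
}

// Privilege change: issue a fresh session ID so a pre-login (possibly fixated) ID is never reused.
session_regenerate_id(true);
$_SESSION['user'] = $input['email'];
// Escape on output, where the context (HTML body) is known, rather than stripping tags on input.
echo 'Welcome, ' . htmlentities($_SESSION['user'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
```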