How to fix session fixation in PHP

How to fix session fixation in PHP / CakePHP? I am on a shared host.

I am on a shared host; how can I enable it if I don't have access to php.ini?

1 answer
  • Set session.use_only_cookies = true. It is harder to inject and/or social-engineer a session identifier with cookies than with POST/GET parameters.
  • Set session.cookie_httponly = true. Not really because of session fixation, but session hijacking... In any case, there should be no good reason for a client-side script to be able to read the session ID cookie.
  • Use session_regenerate_id() as often as you see fit; at least on every login attempt.
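The three points of the answer applied at runtime, for a host where php.ini cannot be edited. This is an added example, not code from the original answer; the helper names and the 'user_id' session key are assumptions, and it relies on the host allowing ini_set().

```php
<?php
// Added example: set the session options from code instead of php.ini.
// Everything here must run before session_start() and before any output.

function harden_session_settings(): array
{
    $wanted = [
        'session.use_only_cookies' => '1', // never accept a session id from GET/POST
        'session.cookie_httponly'  => '1', // keep the cookie out of reach of client-side script
    ];
    $failed = [];
    foreach ($wanted as $key => $value) {
        // ini_set() returns false when the change is refused, for example
        // when the host has disabled it or a session is already active.
        if (ini_set($key, $value) === false || ini_get($key) != $value) {
            $failed[] = $key;
        }
    }
    return $failed; // names of the settings that did NOT take effect
}

// Hypothetical helper: call it on every login attempt, as the answer advises.
function rotate_session_id_at_login(string $userId): void
{
    // true = also delete the old session data, so an id that was planted
    // before authentication does not carry over into the logged-in session.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId; // assumed key name
}

$failed = harden_session_settings();
if ($failed !== []) {
    // Do not continue silently with weaker settings than intended.
    error_log('Session settings not applied: ' . implode(', ', $failed));
}
session_start();
```

If the error log shows that a setting was refused, the value has to be changed by the hosting provider; the code above cannot override it.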

Source: https://habr.com/ru/post/887744/

