سلام این تابعیه برای امن تر کردن Session در php
<?php
function sec_session_start() {
// Set a custom session name
$session_name = 'sa_sess';
// Preventing XSS attacks
$httponly = true;
// If you are using https set it to true.
$secure=false;
// Preventing session fixation
ini_set('session.use_only_cookies', 1);
if (ini_set('session.use_only_cookies', 1) === FALSE)
exit('Could not initiate a safe session');
// Uses a strong hash
ini_set('session.hash_function', 'whirlpool');
// Gets current cookies params.
$cookieParams = session_get_cookie_params();
session_set_cookie_params($cookieParams["lifetime"],
$cookieParams["path"],
$cookieParams["domain"],
$secure,
$httponly);
// Sets the session name to the one set above.
session_name($session_name);
// Finally, start the PHP session
session_start();
//session_regenerate_id(true); // regenerated the session, delete the old one.
}
sec_session_start();