I generally use this to start a new session:
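<?php
// DEBUG is assumed to be a boolean constant defined elsewhere by the application.
session_start( [
    'name' => DEBUG ? 'SessionId' : '__Secure-SessionId',
    'cookie_lifetime' => 0,          // session cookie, dropped when the browser closes
    'cookie_path' => '/',
    'cookie_secure' => true,         // only sent over HTTPS
    'cookie_httponly' => true,       // not readable from JavaScript
    'cookie_samesite' => 'Strict',   // not sent on cross-site requests
    'sid_length' => 96,              // characters in the session ID
    'sid_bits_per_character' => 5,   // ID alphabet 0-9, a-v
    'use_strict_mode' => true,       // reject session IDs the server did not issue
    'referer_check' => $_SERVER['HTTP_HOST'], // substring a sent Referer must contain
] );
?>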
which will create a session with increased entropy in the session cookie name, require a secure session, and make sure rogue referers have no chance at my logon page, among other things.
According to MDN [1], the prefix "__Secure-" must be set for secure sessions.
[1](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie)
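To confirm that a response actually carries the cookie these settings describe, the emitted Set-Cookie header can be audited. This is an added example, not the poster's code: the function name `auditSessionCookie()` and both sample headers are constructed for illustration.

```php
<?php
// Added example, not the poster's code. auditSessionCookie() and the sample
// headers below are constructed for illustration.
function auditSessionCookie(string $header): array
{
    $line  = preg_replace('/^set-cookie:\s*/i', '', trim($header));
    $parts = array_map('trim', explode(';', $line));
    [$name, $value] = array_pad(explode('=', array_shift($parts), 2), 2, '');

    // Attribute names are case-insensitive; flags such as Secure have no value.
    $attrs = [];
    foreach (array_filter($parts, 'strlen') as $part) {
        [$k, $v] = array_pad(explode('=', $part, 2), 2, '');
        $attrs[strtolower(trim($k))] = trim($v);
    }

    $findings = [];
    if (!array_key_exists('secure', $attrs)) {
        $findings[] = 'Secure missing';
        if (strncmp($name, '__Secure-', 9) === 0) {
            $findings[] = '__Secure- name without Secure: browsers reject this cookie';
        }
    }
    if (!array_key_exists('httponly', $attrs)) {
        $findings[] = 'HttpOnly missing';
    }
    if (strcasecmp($attrs['samesite'] ?? '', 'Strict') !== 0) {
        $findings[] = 'SameSite is not Strict';
    }
    if (($attrs['path'] ?? '') !== '/') {
        $findings[] = 'Path is not /';
    }
    // cookie_lifetime => 0 means a session cookie: no Expires or Max-Age.
    if (isset($attrs['expires']) || isset($attrs['max-age'])) {
        $findings[] = 'cookie is persistent (Expires/Max-Age present)';
    }
    // sid_length 96 with sid_bits_per_character 5 yields 96 chars from 0-9a-v.
    if (!preg_match('/^[0-9a-v]{96}$/', $value)) {
        $findings[] = 'session ID is not 96 characters of [0-9a-v]';
    }
    return $findings;
}

// Constructed sample headers: one matching the post's settings, one weakened.
$id   = str_repeat('a1b2c3', 16); // 96 characters
$good = "Set-Cookie: __Secure-SessionId=$id; path=/; secure; HttpOnly; SameSite=Strict";
$weak = "Set-Cookie: __Secure-SessionId=abc123; path=/app; Max-Age=3600";
foreach (['good' => $good, 'weak' => $weak] as $label => $header) {
    echo $label, ': ', implode('; ', auditSessionCookie($header)) ?: 'ok', PHP_EOL;
}
```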