Jsitech / JShielder

Hardening Script for Linux Servers/ Secure LAMP-LEMP Deployer/ CIS Benchmark
GNU General Public License v3.0

added security upgrades to the session section #18

Closed ghost closed 5 years ago

ghost commented 5 years ago

sid_length (default is 32, moved it to 128, can even up it to 256), sid_bits_per_character, cookie_samesite, cookie_secure, cookie_lifetime, and use_strict_mode

There are some config options in here which are no longer being used by PHP. I don't think they do anything, but they should be taken out at some point. safe_mode = Off is an example of this.

ghost commented 5 years ago

PHP documentation for the Session section for reference: https://secure.php.net/manual/en/session.configuration.php
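
An added example, not part of this PR or of JShielder: a shell audit that reads a php.ini and flags weak values for the session directives listed in the first comment. The 128 floor for sid_length comes from that comment; the other thresholds, the function names and the sample file are assumptions of this example.

```shell
#!/usr/bin/env bash
# Print the effective value of a directive: last assignment wins, ';' starts a
# comment, surrounding blanks and quotes are dropped. Empty output = not set.
ini_get() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, index($0, "=") + 1); sub(/;.*$/, "", v)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v); val = v
        }
        END { print val }' "$1"
}

# One FAIL line per weak or missing directive; no output means every check passed.
# Thresholds other than the sid_length floor are assumptions of this example.
audit_php_session() {
    local ini="$1" d v
    for d in use_strict_mode cookie_secure; do
        v=$(ini_get "$ini" "session.$d")
        case "$v" in 1|[Oo]n) ;; *) echo "FAIL session.$d='$v' (want 1)" ;; esac
    done
    v=$(ini_get "$ini" session.cookie_samesite)
    case "$v" in Strict|Lax) ;; *) echo "FAIL session.cookie_samesite='$v' (want Strict or Lax)" ;; esac
    v=$(ini_get "$ini" session.sid_length)              # the PR moves 32 -> 128
    [ "${v:-0}" -ge 128 ] 2>/dev/null || echo "FAIL session.sid_length='$v' (want >= 128)"
    v=$(ini_get "$ini" session.sid_bits_per_character)  # PHP accepts 4, 5 or 6
    [ "${v:-0}" -ge 5 ] 2>/dev/null || echo "FAIL session.sid_bits_per_character='$v' (want 5 or 6)"
    v=$(ini_get "$ini" session.cookie_lifetime)         # value is site policy; presence only
    [ -n "$v" ] || echo "FAIL session.cookie_lifetime is not set explicitly"
}

# Constructed sample: mostly PHP defaults, with two hardened values.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Session]
; session.use_strict_mode = 1
session.use_strict_mode = 0
session.cookie_secure =
session.sid_length = 32
session.sid_length = 128   ; later assignment wins
session.sid_bits_per_character = 4
session.cookie_samesite = "Strict"
EOF
audit_php_session "$sample"
rm -f "$sample"
```

On the constructed sample this reports use_strict_mode, cookie_secure, sid_bits_per_character and cookie_lifetime; the commented-out `use_strict_mode = 1` line is ignored, which is the case a plain grep for the directive name would miss.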