Keshav 11 Questions 0 Answers 0 Best Answers 20 Points View Profile 0 Keshav Asked: April 17, 2020In: PHP How to improve security of PHP sessions? 0 How to improve security of PHP sessions? php Share Facebook 1 Answer Voted Oldest Recent Mohd Tariq United Arab Emirates 0 Questions 10 Answers 0 Best Answers 40 Points View Profile tariq Added an answer on April 28, 2020 at 6:01 am The PHP sessions alone are not secure enough to prevent interception in PHPSESSID by an attacker. Below mentioned measures are also needed to protect the confidentiality of the sessions. o Using HTTPS prevents attackers from accessing PHPSESSID cookie. It is a good practice and makes session more secure but sometimes it also fails. o Set session.use_strict_mode = on in php.ini. It refuses uninitialized session_id and creates a new session_id. o Set session.use_only_cookies = on and session.use_trans_sid = off. Doing this will stop displaying session_id in a Referrer header and server will always get PHPSESSID from cookie and will ignore PHPSESSID passed in the URL. o Regenerate session_id periodically using session_regenerate_id() for session security. It reduces the risk of stolen session_id 0 Reply Share Share Share on Facebook Share on Twitter Share on LinkedIn Share on WhatsApp Sorry, you do not have a permission to answer to this question.