锟酵会话锟斤拷全锟斤拷氐锟斤拷锟斤拷锟斤拷锟�

通锟斤拷使锟斤拷 INI 锟侥硷拷锟叫和会话锟斤拷全锟斤拷氐锟斤拷锟斤拷锟斤拷睿拷锟斤拷锟竭会话锟侥帮拷全锟皆★拷 锟斤拷一些锟斤拷要锟斤拷锟斤拷锟斤拷锟斤拷没锟斤拷默锟斤拷值锟斤拷 锟斤拷锟斤拷锟斤拷锟斤拷要锟斤拷锟斤拷锟斤拷锟矫★拷

  • session.cookie_lifetime=0

    0 锟斤拷示锟斤拷锟解含锟藉,锟斤拷锟斤拷知锟斤拷锟斤拷锟斤拷锟揭拷志没锟斤拷娲� cookie 锟斤拷锟捷★拷 也锟斤拷锟斤拷锟截憋拷锟斤拷锟斤拷锟斤拷锟绞憋拷颍峄� ID cookie 锟结被锟斤拷锟斤拷删锟斤拷锟斤拷 锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟轿拷锟� 0 锟斤拷值锟斤拷 锟斤拷锟杰会导锟铰会话 ID 锟斤拷锟斤拷锟斤拷锟矫伙拷使锟矫★拷 锟襟部凤拷应锟斤拷应锟矫把达拷锟斤拷锟斤拷锟斤拷为"0"锟斤拷

    锟斤拷锟接︼拷锟斤拷锟斤拷锟斤拷远锟斤拷锟铰硷拷墓锟斤拷埽锟� 锟斤拷锟斤拷锟斤拷实锟斤拷一锟街革拷锟接帮拷全锟侥凤拷式锟斤拷锟斤拷锟斤拷要使锟矫筹拷锟斤拷锟斤拷锟斤拷锟节的会话 ID 锟斤拷锟斤拷锟斤拷远锟斤拷锟铰硷拷锟�

  • session.use_cookies=On

    session.use_only_cookies=On

    锟斤拷然 HTTP cookie 锟斤拷锟斤拷一些锟斤拷锟解, 锟斤拷锟斤拷锟斤拷确实锟斤拷实锟街会话 ID 锟斤拷锟斤拷锟斤拷锟窖★拷锟斤拷锟斤拷锟� 锟斤拷锟斤拷锟杰的斤拷使锟斤拷 cookie 锟斤拷锟斤拷锟叫会话 ID 锟斤拷锟斤拷 锟斤拷锟揭大部凤拷应锟斤拷也确实锟斤拷只使锟斤拷 cookie 锟斤拷锟斤拷录锟结话 ID 锟侥★拷

    锟斤拷锟� session.use_only_cookies=Off锟斤拷 锟结话模锟斤拷锟斤拷诨锟斤拷锟� cookie 锟侥会话 ID 锟斤拷始锟斤拷之前 使锟斤拷 GET/POST/URL 锟斤拷锟斤拷锟叫的会话 ID锟斤拷锟斤拷锟斤拷锟斤拷诘幕锟斤拷锟斤拷锟�

  • session.use_strict_mode=On

    锟斤拷然锟斤拷锟斤拷 session.use_strict_mode 锟角必诧拷锟斤拷锟劫的o拷锟斤拷锟斤拷默锟斤拷锟斤拷锟斤拷拢锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷未锟斤拷锟矫的★拷

    锟斤拷锟斤拷锟矫凤拷止锟结话模锟斤拷使锟斤拷未锟斤拷始锟斤拷锟侥会话 ID锟斤拷 也锟斤拷锟斤拷说锟斤拷 锟结话模锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷约锟斤拷锟斤拷锟斤拷锟斤拷锟叫э拷幕峄� ID锟斤拷 锟斤拷锟杰撅拷锟斤拷锟矫伙拷锟皆硷拷锟结供锟侥会话 ID锟斤拷

    锟斤拷锟斤拷锟竭匡拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷 cookie 锟斤拷锟斤拷使锟斤拷 JavaScript 注锟斤拷姆锟绞� 锟斤拷锟斤拷锟矫会话 ID 锟斤拷锟叫癸拷锟斤拷锟斤拷 锟斤拷锟斤拷 session.use_strict_mode 锟斤拷锟斤拷锟斤拷 锟斤拷锟斤拷锟斤拷止使锟斤拷未锟斤拷锟结话模锟斤拷锟绞硷拷锟斤拷幕峄� ID锟斤拷

    Note:

    锟斤拷锟斤拷锟竭匡拷锟斤拷使锟斤拷锟皆硷拷锟斤拷锟借备锟斤拷锟斤拷锟结话 ID锟斤拷也锟斤拷锟斤拷使锟斤拷锟杰猴拷锟竭的会话 ID锟斤拷 锟斤拷锟斤拷锟斤拷也锟斤拷锟斤拷通锟斤拷一些锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷证锟结话锟斤拷跃锟斤拷 锟斤拷耍锟� 锟斤拷锟斤拷 session.use_strict_mode 锟斤拷锟斤拷锟斤拷 锟斤拷锟皆斤拷锟斤拷锟斤拷锟街凤拷锟秸★拷

  • session.cookie_httponly=On

    锟斤拷止 JavaScript 锟斤拷锟绞会话 cookie锟斤拷 锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷员锟斤拷锟� cookie 锟斤拷锟斤拷 JavaScript 锟斤拷取锟斤拷

    锟斤拷然锟斤拷锟斤拷使锟矫会话 ID 锟斤拷锟斤拷为锟斤拷锟斤拷锟斤拷站锟斤拷锟斤拷伪锟届(CSRF锟斤拷锟侥关硷拷锟斤拷锟捷o拷 锟斤拷锟角诧拷锟斤拷锟斤拷锟斤拷锟斤拷么锟斤拷锟斤拷 锟斤拷锟界,锟斤拷锟斤拷锟竭匡拷锟皆帮拷 HTML 源锟斤拷锟诫保锟斤拷锟斤拷锟斤拷锟斤拷锟揭凤拷锟酵革拷锟斤拷锟斤拷锟矫伙拷锟斤拷 为锟剿帮拷全锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷卟锟接︼拷锟斤拷锟� web 页锟斤拷锟斤拷锟斤拷示锟结话 ID锟斤拷 锟斤拷锟斤拷锟斤拷锟叫碉拷应锟矫讹拷应锟矫对会话 ID cookie 锟斤拷锟斤拷 httponly 为 On锟斤拷

    Note:

    锟斤拷锟狡会话 ID锟斤拷 CSRF 锟斤拷锟斤拷锟斤拷锟斤拷也应锟矫讹拷锟节的革拷锟铰★拷

  • session.cookie_secure=On

    锟斤拷锟斤拷锟斤拷锟斤拷 HTTPS 协锟斤拷锟铰凤拷锟绞会话 ID cookie锟斤拷 锟斤拷锟斤拷锟斤拷 web 站锟斤拷锟街э拷锟� HTTPS锟斤拷 锟斤拷么锟斤拷锟诫将锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷为 On锟斤拷

    锟斤拷锟节斤拷支锟斤拷 HTTPS 锟斤拷 web 站锟姐建锟介考锟斤拷使锟斤拷强锟狡帮拷全锟斤拷锟戒技锟斤拷锟斤拷HSTS锟斤拷锟斤拷

  • session.gc_maxlifetime=[选锟斤拷一锟斤拷锟斤拷锟斤拷锟斤拷小锟斤拷时锟斤拷锟絔

    session.gc_maxlifetime 锟斤拷锟斤拷锟斤拷删锟斤拷锟斤拷锟节会话锟斤拷锟捷碉拷时锟斤拷锟斤拷锟节★拷 锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟绞碉拷侄锟斤拷诠锟斤拷诨峄帮拷锟斤拷莸锟缴撅拷锟斤拷锟� 锟斤拷锟斤拷要锟皆硷拷锟斤拷实锟斤拷一锟阶伙拷锟斤拷时锟斤拷锟斤拷幕峄帮拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷诠锟斤拷锟斤拷锟狡★拷

    锟斤拷锟绞癸拷锟� session_gc() 锟斤拷锟斤拷锟斤拷锟斤拷锟叫会话锟斤拷锟斤拷锟斤拷锟斤拷锟秸硷拷锟斤拷 锟斤拷锟斤拷锟斤拷锟� UNIX 锟侥诧拷锟斤拷系统锟斤拷 锟斤拷锟绞癸拷锟斤拷锟斤拷锟� cron 锟斤拷锟斤拷锟侥讹拷时锟斤拷锟斤拷锟斤拷执锟斤拷 session_gc() 锟斤拷锟斤拷锟斤拷

    GC 锟斤拷锟斤拷锟斤拷时锟斤拷锟斤拷锟斤拷锟角撅拷准锟侥o拷锟斤拷锟斤拷一锟斤拷锟侥伙拷然锟皆o拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷畈拷锟斤拷锟饺凤拷锟� 锟缴的会话锟斤拷锟捷憋拷删锟斤拷锟斤拷某些锟结话锟芥储锟斤拷锟斤拷模锟介不使锟矫达拷锟斤拷锟斤拷锟筋。 锟斤拷锟斤拷锟斤拷锟较拷锟轿匡拷锟结话锟芥储模锟斤拷锟斤拷锟斤拷锟斤拷牡锟斤拷锟� 锟斤拷然锟斤拷锟斤拷锟斤拷员锟斤拷锟斤拷锟斤拷全锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷茫锟斤拷锟斤拷腔锟斤拷墙锟斤拷榻拷锟斤拷锟斤拷玫木锟斤拷锟斤拷艿锟叫★拷锟� 锟斤拷锟斤拷 session.gc_probability 锟斤拷 session.gc_divisor 锟斤拷锟斤拷锟斤拷 锟斤拷锟斤拷使锟矫癸拷锟节的会话锟斤拷锟斤拷锟斤拷锟绞碉拷锟斤拷锟斤拷锟斤拷锟节憋拷删锟斤拷锟斤拷 锟斤拷锟斤拷锟揭癸拷锟斤拷远锟斤拷锟铰硷拷墓锟斤拷埽锟斤拷锟绞癸拷锟斤拷锟斤拷锟斤拷锟斤拷影锟饺拷姆锟绞斤拷锟斤拷锟绞碉拷郑锟斤拷锟斤拷锟揭拷锟绞癸拷贸锟斤拷锟斤拷锟斤拷锟斤拷诘幕峄� ID 锟斤拷实锟街★拷

    Note:

    锟斤拷锟斤拷锟斤拷 memcached 锟斤拷锟斤拷 mecache 锟斤拷锟斤拷锟侥会话锟芥储锟斤拷 锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷泄锟斤拷诨峄帮拷锟斤拷莸锟斤拷锟斤拷锟斤拷占锟斤拷锟� 锟斤拷锟斤拷锟斤拷息锟斤拷慰锟斤拷锟接︼拷幕峄帮拷娲拷锟斤拷牡锟斤拷锟�

  • session.use_trans_sid=Off

    锟斤拷锟斤拷锟斤拷锟斤拷锟揭拷锟斤拷锟斤拷锟绞癸拷没峄� ID 透锟斤拷锟斤拷锟狡★拷 锟斤拷锟角o拷锟斤拷锟矫会话 ID 透锟斤拷锟斤拷锟狡匡拷锟斤拷 锟斤拷锟斤拷峄� ID 锟斤拷注锟斤拷锟皆硷拷泄漏锟斤拷 锟斤拷效锟斤拷锟斤拷呋峄帮拷锟饺拷浴锟�

    Note:

    锟结话 ID 锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟角╋拷锟斤拷弑锟斤拷锟斤拷锟斤拷锟斤拷锟� HTML 源锟斤拷锟斤拷锟叫憋拷泄漏锟斤拷

  • session.trans_sid_tags=[limited tags]

    锟斤拷PHP 7.1.0 锟斤拷锟斤拷锟较o拷一锟斤拷锟斤拷锟斤拷拢锟侥拷锟街碉拷涂锟斤拷裕锟� 锟斤拷锟斤拷锟斤拷锟斤拷写锟斤拷锟斤拷要锟侥憋拷签锟斤拷 之前锟芥本锟斤拷 PHP 锟斤拷使锟斤拷 url_rewriter.tags 锟斤拷锟斤拷锟筋。

  • session.trans_sid_hosts=[limited hosts]

    锟斤拷PHP 7.1.0 锟斤拷锟斤拷锟较o拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷瓒拷锟斤拷锟斤拷锟叫会话 ID 透锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷 锟斤拷锟斤拷锟斤拷锟斤拷锟叫硷拷锟斤拷锟姐不锟斤拷锟轿碉拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟轿拷眨锟� 锟斤拷锟斤拷锟斤拷锟� $_SERVER['HTTP_HOST'] 锟斤拷站锟斤拷锟斤拷谢峄� ID 透锟斤拷锟斤拷

  • session.referer_check=[your originating URL]

    锟斤拷锟斤拷锟斤拷 session.use_trans_sid 锟斤拷锟斤拷锟斤拷锟绞憋拷锟� 锟斤拷锟斤拷锟斤拷每锟斤拷越锟斤拷突峄� ID 注锟斤拷姆锟斤拷铡锟� 锟斤拷锟斤拷锟斤拷站锟斤拷锟斤拷 http://example.com/锟斤拷 锟斤拷么锟酵把达拷锟斤拷锟斤拷锟斤拷为 http://example.com/锟斤拷 锟斤拷要注锟斤拷锟斤拷牵锟斤拷锟斤拷使锟斤拷锟斤拷 HTTPS 协锟介, 锟斤拷么锟斤拷锟斤拷锟斤拷诜锟斤拷锟斤拷锟斤拷锟斤拷时锟津不伙拷锟斤拷锟� referrer 锟斤拷锟斤拷头锟斤拷 锟斤拷锟斤拷锟斤拷锟矫达拷锟斤拷锟斤拷锟筋,锟斤拷然锟斤拷锟斤拷锟斤拷锟角可匡拷锟侥帮拷全锟斤拷施锟斤拷

  • session.cache_limiter=nocache

    确锟斤拷锟斤拷锟斤拷锟窖撅拷锟斤拷证锟侥会话锟斤拷 锟斤拷 HTTP 锟斤拷锟捷诧拷锟结被锟斤拷锟斤拷锟斤拷锟斤拷妗� 应锟矫斤拷锟斤拷怨锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷妫� 锟斤拷锟津将伙拷锟斤拷锟斤拷锟斤拷锟斤拷泄露锟侥凤拷锟秸★拷 锟斤拷使 HTTP 锟斤拷锟捷诧拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟捷o拷 也锟斤拷锟皆帮拷锟斤拷锟斤拷锟斤拷为"private"锟斤拷 注锟解,"private"锟斤拷锟杰会导锟铰客伙拷锟剿伙拷锟斤拷私锟斤拷锟斤拷锟捷★拷 锟斤拷锟斤拷 HTTP 锟斤拷锟斤拷锟叫诧拷锟斤拷锟斤拷锟轿猴拷私锟斤拷锟斤拷锟捷碉拷时锟津,匡拷锟斤拷使锟斤拷"public"锟斤拷

  • session.sid_length="48"

    锟斤拷PHP 7.1.0 锟斤拷锟斤拷锟竭版本锟斤拷锟斤拷锟斤拷锟侥会话 ID 锟斤拷锟皆得碉拷锟斤拷锟竭的帮拷全强锟饺★拷 锟斤拷锟介开锟斤拷锟竭斤拷锟结话 ID 锟侥筹拷锟斤拷锟斤拷锟斤拷为锟斤拷锟斤拷锟斤拷 32 锟斤拷锟街凤拷锟斤拷 锟斤拷 session.sid_bits_per_character="5" 时锟斤拷 锟结话 ID 锟斤拷锟斤拷锟斤拷要 26 锟斤拷锟街凤拷锟斤拷

  • session.sid_bits_per_character="6"

    锟斤拷PHP 7.1.0 锟斤拷锟斤拷锟竭版本锟斤拷锟斤拷使锟结话 ID 锟侥筹拷锟斤拷锟借定锟斤拷锟戒, 锟斤拷锟竭的会话 ID 锟斤拷锟斤拷位锟斤拷锟斤拷也锟斤拷锟斤拷锟斤拷锟饺拷愿锟斤拷叩幕峄� ID锟斤拷

  • session.hash_function="sha256"

    锟斤拷PHP 7.1.0 锟斤拷锟斤拷锟竭版本锟斤拷锟斤拷强锟饺的癸拷希锟姐法锟斤拷锟斤拷锟斤拷锟缴革拷锟竭帮拷全锟皆的会话 ID锟斤拷 锟斤拷然说锟斤拷锟斤拷使锟角诧拷锟斤拷 MD5 锟斤拷希锟姐法锟斤拷要锟斤拷锟斤拷锟斤拷锟斤拷全一锟铰的癸拷希锟斤拷锟斤拷锟斤拷遣锟教拷锟绞碉拷模锟� 锟斤拷锟角伙拷锟角斤拷锟介开锟斤拷锟斤拷使锟斤拷 SHA-2 锟斤拷锟竭革拷锟斤拷强锟饺的癸拷希锟姐法锟斤拷 锟斤拷锟界,锟斤拷锟皆匡拷锟斤拷使锟斤拷 sha384 锟斤拷 sha512 锟斤拷希锟姐法锟斤拷 锟斤拷确锟斤拷 entropy 锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷每锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷玫墓锟较o拷惴拷锟斤拷锟斤拷映锟斤拷锟揭拷锟�