PHP hardening using session.cookie_httponly & session.referer_check
PHP hardening using session.cookie_httponly & session.referer_check
session.cookie_httponly
Setting this value to 1 prevents JavaScript from accessing PHP session cookies. This can help prevent attackers from stealing session cookies. However, you may be unable to use this directive if your users utilize PHP session cookies via JavaScript.
session.referer_check
This parameter allows PHP to check HTTP referrer values. This allows you to specify a domain, ensuring that session information is only passed internally during the time a user is working with a web application. This will prevent your users from accidentally exposing session information that may allow malicious users to follow links and steal a session.
