diff --git a/reference/session/functions/session-create-id.xml b/reference/session/functions/session-create-id.xml
index ea4957d520..a48819f94a 100644
--- a/reference/session/functions/session-create-id.xml
+++ b/reference/session/functions/session-create-id.xml
@@ -123,6 +123,7 @@ my_session_regenerate_id();
session_regenerate_id
session_start
+ session.use_strict_mode
diff --git a/reference/session/ini.xml b/reference/session/ini.xml
index 2c3553f0e3..38d63a4620 100644
--- a/reference/session/ini.xml
+++ b/reference/session/ini.xml
@@ -118,18 +118,6 @@
PHP_INI_ALL
-
- session.entropy_file
- ""
- PHP_INI_ALL
- Removed in PHP 7.1.0.
-
-
- session.entropy_length
- "0"
- PHP_INI_ALL
- Removed in PHP 7.1.0
-
session.cache_limiter
"nocache"
@@ -160,24 +148,6 @@
PHP_INI_ALL
Available since PHP 7.1.0.
-
- url_rewriter.tags
- "a=href,area=href,frame=src,form="
- PHP_INI_ALL
- Available since PHP 4.0.4. Since PHP 7.1.0, this INI is no longer used by session.
-
-
- session.bug_compat_42
- "1"
- PHP_INI_ALL
- Available since PHP 4.3.0. Removed in PHP 5.4.0.
-
-
- session.bug_compat_warn
- "1"
- PHP_INI_ALL
- Available since PHP 4.3.0. Removed in PHP 5.4.0.
-
session.sid_length
"32"
@@ -190,6 +160,54 @@
PHP_INI_ALL
Available since PHP 7.1.0.
+
+ session.upload_progress.enabled
+ "1"
+ PHP_INI_PERDIR
+ Available since PHP 5.4.0.
+
+
+ session.upload_progress.cleanup
+ "1"
+ PHP_INI_PERDIR
+ Available since PHP 5.4.0.
+
+
+ session.upload_progress.prefix
+ "upload_progress_"
+ PHP_INI_PERDIR
+ Available since PHP 5.4.0.
+
+
+ session.upload_progress.name
+ "PHP_SESSION_UPLOAD_PROGRESS"
+ PHP_INI_PERDIR
+ Available since PHP 5.4.0.
+
+
+ session.upload_progress.freq
+ "1%"
+ PHP_INI_PERDIR
+ Available since PHP 5.4.0.
+
+
+ session.upload_progress.min_freq
+ "1"
+ PHP_INI_PERDIR
+ Available since PHP 5.4.0.
+
+
+ session.lazy_write
+ "1"
+ PHP_INI_ALL
+ Available since PHP 7.0.0.
+
+
+ url_rewriter.tags
+ "a=href,area=href,frame=src,form="
+ PHP_INI_ALL
+ Available since PHP 4.0.4. Since PHP 7.1.0, this INI is no longer used by session.
+
session.hash_function
"0"
@@ -203,47 +221,29 @@
Available since PHP 5.0.0. Removed in PHP 7.1.0.
- session.upload_progress.enabled
- "1"
- PHP_INI_PERDIR
- Available since PHP 5.4.0.
-
-
- session.upload_progress.cleanup
- "1"
- PHP_INI_PERDIR
- Available since PHP 5.4.0.
-
-
- session.upload_progress.prefix
- "upload_progress_"
- PHP_INI_PERDIR
- Available since PHP 5.4.0.
-
-
- session.upload_progress.name
- "PHP_SESSION_UPLOAD_PROGRESS"
- PHP_INI_PERDIR
- Available since PHP 5.4.0.
-
-
- session.upload_progress.freq
- "1%"
- PHP_INI_PERDIR
- Available since PHP 5.4.0.
-
-
- session.upload_progress.min_freq
- "1"
- PHP_INI_PERDIR
- Available since PHP 5.4.0.
-
-
- session.lazy_write
- "1"
- PHP_INI_ALL
- Available since PHP 7.0.0.
-
+ session.entropy_file
+ ""
+ PHP_INI_ALL
+ Removed in PHP 7.1.0.
+
+
+ session.entropy_length
+ "0"
+ PHP_INI_ALL
+ Removed in PHP 7.1.0
+
+
+ session.bug_compat_42
+ "1"
+ PHP_INI_ALL
+ Available since PHP 4.3.0. Removed in PHP 5.4.0.
+
+
+ session.bug_compat_warn
+ "1"
+ PHP_INI_ALL
+ Available since PHP 4.3.0. Removed in PHP 5.4.0.
+
@@ -540,6 +540,13 @@
with strict mode.
Defaults to 0 (disabled).
+
+
+ Enabling session.use_strict_mode is mandatory for
+ general session security. All sites are advised to enable this. See
+ session_create_id example code for more details.
+
+