Renaming PHPSESSID

Like in Java, securing/renaming the PHP Session ID is simply a configuration item, generally this value is set as a cookie, but occasionally gets used in cases of URL Rewriting.

On Ubuntu your settings can be changed as follows, Windows will use the same settings in the appropriate file:

  1. sudo vi /etc/php5/apache2/php.ini
  2. Modify the following values as needed:

    session.name = "PHPSESSID"
    session.cookie_httponly = 1

REFERENCES