Merge branch 'PHP-5.5'

* PHP-5.5:
  Add session.use_strict_mode description to php.ini-*

php.ini-development

@@ -1400,6 +1400,14 @@ session.save_handler = files
 ; http://php.net/session.save-path
 ;session.save_path = "/tmp"
 
+; Whether to use strict session mode.
+; Strict session mode does not accept uninitialized session ID and regenerate
+; session ID if browser sends uninitialized session ID. Strict mode protects
+; applications from session fixation via session adoption vulnerability. It is
+; disabled by default for maximum compatibility, but enabling it is encouraged.
+; https://wiki.php.net/rfc/strict_sessions
+session.use_strict_mode = 0
+
 ; Whether to use cookies.
 ; http://php.net/session.use-cookies
 session.use_cookies = 1

php.ini-production

@@ -1401,6 +1401,14 @@ session.save_handler = files
 ; http://php.net/session.save-path
 ;session.save_path = "/tmp"
 
+; Whether to use strict session mode.
+; Strict session mode does not accept uninitialized session ID and regenerate
+; session ID if browser sends uninitialized session ID. Strict mode protects
+; applications from session fixation via session adoption vulnerability. It is
+; disabled by default for maximum compatibility, but enabling it is encouraged.
+; https://wiki.php.net/rfc/strict_sessions
+session.use_strict_mode = 0
+
 ; Whether to use cookies.
 ; http://php.net/session.use-cookies
 session.use_cookies = 1