protected function _configure(&$params)
{
$expiration = config_item('sess_expiration');
if (isset($params['cookie_lifetime'])) {
$params['cookie_lifetime'] = (int) $params['cookie_lifetime'];
} else {
$params['cookie_lifetime'] = !isset($expiration) && config_item('sess_expire_on_close') ? 0 : (int) $expiration;
}
isset($params['cookie_name']) or $params['cookie_name'] = config_item('sess_cookie_name');
if (empty($params['cookie_name'])) {
$params['cookie_name'] = ini_get('session.name');
} else {
ini_set('session.name', $params['cookie_name']);
}
isset($params['cookie_path']) or $params['cookie_path'] = config_item('cookie_path');
isset($params['cookie_domain']) or $params['cookie_domain'] = config_item('cookie_domain');
isset($params['cookie_secure']) or $params['cookie_secure'] = (bool) config_item('cookie_secure');
session_set_cookie_params($params['cookie_lifetime'], $params['cookie_path'], $params['cookie_domain'], $params['cookie_secure'], TRUE);
if (empty($expiration)) {
$params['expiration'] = (int) ini_get('session.gc_maxlifetime');
} else {
$params['expiration'] = (int) $expiration;
ini_set('session.gc_maxlifetime', $expiration);
}
$params['match_ip'] = (bool) (isset($params['match_ip']) ? $params['match_ip'] : config_item('sess_match_ip'));
isset($params['save_path']) or $params['save_path'] = config_item('sess_save_path');
$this->_config = $params;
// Security is king
ini_set('session.use_trans_sid', 0);
ini_set('session.use_strict_mode', 1);
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
ini_set('session.hash_function', 1);
ini_set('session.hash_bits_per_character', 4);
}