Update PicoFarad (session creation improvements)

vendor/PicoFarad/Session.php

@@ -9,15 +9,33 @@ function open($base_path = '/', $save_path = '')
 {
     if ($save_path !== '') session_save_path($save_path);
 
+    // HttpOnly and secure flags for session cookie
     session_set_cookie_params(
         SESSION_LIFETIME,
-        $base_path,
+        $base_path ?: '/',
         null,
         isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on',
         true
     );
 
+    // Avoid session id in the URL
+    ini_set('session.use_only_cookies', true);
+
+    // Ensure session ID integrity
+    ini_set('session.entropy_file', '/dev/urandom');
+    ini_set('session.entropy_length', '32');
+    ini_set('session.hash_bits_per_character', 6);
+
+    // Custom session name
+    session_name('__$');
+
     session_start();
+
+    // Regenerate the session id to avoid session fixation issue
+    if (empty($_SESSION['__validated'])) {
+        session_regenerate_id(true);
+        $_SESSION['__validated'] = 1;
+    }
 }