psecio/iniscan

Add additional session checks

enygma opened this issue · 3 comments

Check for valid values of:

  • session.entropy_file
  • session.entropy_length
  • session.use_strict_mode
  • session.use_only_cookies
  • session.cookie_lifetime
  • session.use_trans_sid
  • session.hash_function (set to 1)
  • session.bug_compat_42 (set to 0)
  • session.bug_compat_warn (set to 0)

http://www.php.net/manual/en/session.configuration.php

Should renaming the session cookie (PHPSESSID) be considered? I could see it being a "warning" item, but not a failure.

New merge pull #67 for:

  • session.hash_function (set to non-broken hashing mechanism)
  • session.bug_compat_42 (set to 0)
  • session.bug_compat_warn (set to 0)
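
As an added example (not part of this thread and not iniscan's own code), a PHP check of some of the directives listed above against the text of a php.ini. The function names, the rule table and the sample ini are constructed for illustration; the expected values for session.use_strict_mode, session.use_only_cookies and session.use_trans_sid are assumptions, since the issue does not state them.

```php
<?php
// Added example, not iniscan code. Rule table and helper names are hypothetical.
const SESSION_RULES = [
    'session.hash_function'    => 'not_md5', // issue: "non-broken hashing mechanism"
    'session.bug_compat_42'    => false,     // issue: set to 0
    'session.bug_compat_warn'  => false,     // issue: set to 0
    'session.use_strict_mode'  => true,      // assumption
    'session.use_only_cookies' => true,      // assumption
    'session.use_trans_sid'    => false,     // assumption
];

// php.ini accepts several spellings for booleans; normalise them.
function ini_bool(string $raw): bool
{
    return in_array(strtolower(trim($raw)), ['1', 'on', 'yes', 'true'], true);
}

// Returns [directive => message] for every rule the ini text does not satisfy.
function scan_session_ini(string $iniText): array
{
    $ini = parse_ini_string($iniText, false, INI_SCANNER_RAW);
    if ($ini === false) {
        throw new InvalidArgumentException('unparseable ini input');
    }
    $findings = [];
    foreach (SESSION_RULES as $key => $want) {
        if (!array_key_exists($key, $ini)) {
            $findings[$key] = 'not set explicitly';
        } elseif ($want === 'not_md5') {
            if (in_array(strtolower(trim($ini[$key])), ['0', 'md5'], true)) {
                $findings[$key] = 'session IDs hashed with MD5';
            }
        } elseif (ini_bool($ini[$key]) !== $want) {
            $findings[$key] = 'expected ' . ($want ? 'On' : 'Off') . ", got '{$ini[$key]}'";
        }
    }
    return $findings;
}

// Constructed sample input.
$sample = <<<INI
session.hash_function = 0
session.bug_compat_42 = Off
session.use_strict_mode = 1
session.use_only_cookies = On
session.use_trans_sid = 1
INI;

foreach (scan_session_ini($sample) as $key => $msg) {
    echo "FAIL $key: $msg\n";
}
```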