user4181107

Reputation: 401

Is this the right way to start more secure session in PHP?

I'm new to web development and even newer to sessions. I use the following code to start a session in one of my PHP files and include it everywhere else:

ini_set('session.cookie_lifetime', 0);
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
ini_set('session.use_strict_mode', 1);
ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_secure', 0);
ini_set('session.use_trans_sid', 0);
ini_set('session.cache_limiter', 'private_no_expire');
ini_set('session.hash_function', 'sha256');

session_start();

Is this the right way to start a session so as to reduce the number of possible session attacks (which I'm not at all familiar with, but I know they exist)?

EDIT: Is adding session_regenerate_id() right after session_start() above regenerating the session ID too frequently if this file is included in every page? Should I just include session_regenerate_id(true) for the login process?

Upvotes: 0

Views: 5287

Answers (1)

Leandro Papasidero

Reputation: 3738

How to set session options:

php.ini Solution

Change the values directly.

.htaccess Solution

Create a file named .htaccess in the document root (I believe the default in XAMPP is c:\xampp\htdocs):

<IfModule mod_php5.c>
  php_value session.cookie_lifetime 0
  php_value session.use_cookies 1
  php_value session.use_only_cookies 1
  php_value session.use_strict_mode 1
  php_value session.cookie_httponly 1
  php_value session.cookie_secure 0
  php_value session.use_trans_sid 0
  php_value session.cache_limiter 'private_no_expire'
  php_value session.hash_function 'sha256'
</IfModule>

PHP Solution (you need to set up these options in each file)

ini_set('session.cookie_lifetime', 0);
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
ini_set('session.use_strict_mode', 1);
ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_secure', 0);
ini_set('session.use_trans_sid', 0);
ini_set('session.cache_limiter', 'private_no_expire');
ini_set('session.hash_function', 'sha256');

Upvotes: 1
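An added example, not code from either post: one bootstrap file that applies the options discussed in the question and the answer through the options array of session_start() (available since PHP 7.0, so no ini_set() or .htaccess entries are needed), and regenerates the session ID only at login rather than on every page, which is the question the EDIT raises. The function names secure_session_start, session_promote and session_destroy_fully are my own.

```php
<?php
declare(strict_types=1);

// Include this from every page, before any output is sent.
function secure_session_start(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // another include already started it
    }
    // Mark the cookie Secure only when the request really came over TLS;
    // on an HTTPS-only site pass 1 unconditionally.
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

    // Option keys are the session.* ini names without the "session." prefix.
    session_start([
        'cookie_lifetime'  => 0,               // dropped when the browser closes
        'use_cookies'      => 1,
        'use_only_cookies' => 1,               // never accept an ID from the URL
        'use_strict_mode'  => 1,               // reject IDs the server did not issue (anti-fixation)
        'cookie_httponly'  => 1,               // unreadable from document.cookie
        'cookie_secure'    => $https ? 1 : 0,
        'cookie_samesite'  => 'Lax',           // PHP >= 7.3; limits cross-site sending
        'use_trans_sid'    => 0,
        'cache_limiter'    => 'private_no_expire',
        // session.hash_function was removed in PHP 7.1 (IDs are now random
        // bytes), so it is deliberately not set here.
    ]);
}

// Call once the user has authenticated. Regenerating here, not on every
// page, is what prevents a pre-login ID from being reused after login.
function session_promote(int $userId): void
{
    session_regenerate_id(true);          // true = delete the old session data
    $_SESSION['user_id']    = $userId;
    $_SESSION['rotated_at'] = time();     // available for optional time-based rotation
}

// Full teardown on logout: data, server-side record and the browser cookie.
function session_destroy_fully(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 3600,
              $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}
```

Because use_strict_mode rejects unknown IDs, an ID an attacker plants in a victim's browser is simply replaced at session_start(), so per-page regeneration buys little and mostly risks losing the session on concurrent requests.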
