Is there anything we need or can do about https://wiki.php.net/rfc/strict_sessions ? It is applied in PHP 5.5.3. > There is user land solution that validates session data, but this method is not widely adopted.