Issue #147 #148 #153: dot-session related fixes.

[alexmerlin]

No description provided.

[arhimede]

in readme.md
instead of
so make sure you modify your local.php, as per the following:

to be:
so make sure you modify your session.global.php, as per the following:

[alexmerlin]

in readme.md instead of so make sure you modify your local.php, as per the following:

to be: so make sure you modify your session.global.php, as per the following:

Short answer:
My point with that sentence is to remind developers to add session_config.cookie_secure = false ONLY to local.php, without adding it to local.php.dist or session.global.php as well because that will disable secure cookies on production.

Long answer:
As discussed today, we want to keep in session.global.php the configuration session_config.cookie_secure set to true - this way developers don't need to remember to enable it on production.
Setting session_config.cookie_secure to false directly in session.global.php and comitting the file to the repo will disable the configuration on production as well.
Tha's why I recommended setting session_config.cookie_secure in local.php and remind developers to not add it to local.php.dist as well (because when developing, we add a config in local.php and then update local.php.dist with the same config).