Ensure session ID is always regenerated before authentications (prevent same-domain cookie planting) Session entropy source will only be set if not already set LocalStorage instead of Cookies for "skip warning" setting (Storage has stricter security model) Suppress errors using error_handling(0) instead of @ (which would still get caught by custom handlers)
…g usersecret when deleting accounts with tokens
…ix: use IS NULL instead of <=> NULL
…ile header to separate file.
client: added certificate (StartSSL root)