Writing about open source, PHP internals, static analysis, and software security.https://jorgsowa.me/https://jorgsowa.me/posts/2026-06-16-securing-php-session-defaults/https://jorgsowa.me/posts/2026-06-16-securing-php-session-defaults/How I got an RFC merged into php-src that tightens session cookie defaults (use_strict_mode, httponly, and SameSite) after years of them lagging behind security recommendations.Tue, 16 Jun 2026 00:00:00 GMThttps://jorgsowa.me/posts/2026-03-25-hello-world/https://jorgsowa.me/posts/2026-03-25-hello-world/Wed, 25 Mar 2026 00:00:00 GMT