Issue #2164025 by skipyT, mcdruid, pwolanin: Improve security of session ID against DB exposure or SQL injection

Issue #3170525 by mcdruid, nullkernel, simonholt83, MustangGB, Znak, axle_foley00, Fabianx, akorkot, cilefen, thalemn, Ayesh, ressa, finne: Set samesite cookie attribute for PHP sessions

Issue #3025335 by mcdruid, mfb, joseph.olstad, Fabianx, kiamlaluno, Pol: [PHP 7.3] Cannot change session id when session is active

Issue #2460833 by jackbravo, colinmccabe, checker, Alan D., twistor: _drupal_session_destroy() should return boolean

Issue #1317628 by Albert Volkman, Gaelan, disasm, mjonesdinero, xjm: Clean up API docs for include files n-z

Issue #1688036 by lucascaro, sun: Fixed Session regenerate and destroy functions do not adhere to drupal_save_session().

Issue #825972 by daniels220, Reidsy, jhodgdon: Fixed sess_write()/sess_read() documentation should recommend  instead.

- Patch #846330 by JacobSingh, Gábor Hojtsy: impossible to log in with default PHP settings due to cookie lifetime.

- Patch #348448 by mfb, c960657, marvil07, cdale, jpmckinney: fixed PHP strict warnings when running tests and for PHP 5.3.

- Patch #721436 by catch, chx, sun, eojthebrave, David_Rothstein, moshe weitzman: remove magical fairy saving of cruft from user_save().

#710142 by Berdir, moshe weitzman, chx: Handle exceptions in shutdown functions (with tests). Hopefully the last of these weird 'Stack frame in Unknown line 0' errors.

- Patch by #1577 by chx, boombatower, Bèr Kessels, kkaefer: made SSL support a bit easier by providing two cookies and ... hook_goto_alter.