diff --git a/lib/settings-common.php b/lib/settings-common.php
index 2c68bad..9827fb5 100644
--- a/lib/settings-common.php
+++ b/lib/settings-common.php
@@ -15,35 +15,25 @@ $context = stream_context_create(array('http'=>
 )
 ));
 
-// Sets up a session, either with the default dir or local tmp dir
-function session_start_safe() {
- // Trying with the default
- session_save_path('');
- @session_start();
- if(!$_SESSION['working']) $_SESSION['working'] = true;
- session_write_close();
- session_unset();
- session_destroy();
- // Let's see if that worked
- @session_start();
- if($_SESSION['working']) {
- unset($_SESSION['working']);
- return; // we've got a working session
- } else {
- // Create a new session in the local tmp dir instead
- session_unset();
- session_destroy();
- session_save_path(dirname(__FILE__).'/../tmp');
- session_regenerate_id(true);
- @session_start();
- }
-}
-
 // Start a session if we haven't already
 if(!isset($_SESSION)) {
- // Make the session cookie HTTP only
- session_set_cookie_params(0, '/', '', false, true);
- session_start_safe();
+ ini_set('session.use_cookies','1'); // Use cookies not URL parameters
+ ini_set('session.use_only_cookies','1'); // Force use of cookies and nothing else
+ ini_set('session.name','ICEcoder_Cookie'); // Set a seperate cookie session name
+ ini_set('session.cookie_lifetime','0'); // Until the browser restarts by default
+ ini_set('session.cookie_domain',''); // This domain only
+ ini_set('session.cookie_path',dirname(__FILE__).'../'); // ICEcoder path only
+ ini_set('session.use_trans_sid','0'); // Ensure this insecure feature is disabled
+ ini_set('session.hash_function','sha512'); // Use Sha512 for session
+ ini_set('session.hash_bits_per_character','6'); // Specify hash scheme of 0-9,a-v,A-Z,-,,
+ ini_set('session.use_strict_mode','1'); // Reject any session ID that was user provided and not generated by the session
+ ini_set('session.httponly','1'); // Only allow http protocol (ie, not JS) access to the cookie
+ ini_set('session.save_path',dirname(__FILE__).'/../tmp'); // Localise the session files to /tmp
+ if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
+ ini_set('session.cookie_secure','1'); // Only allows access to session ID when protocol is HTTPS, switched on under 'if https' condition
+ }
+ session_regenerate_id(true); // Create a new ID to help prevent fixation
+ @session_start(); // Finally, start the session!
 }
 
 // Set the language file, if now possible
@@ -186,4 +176,4 @@ if (!function_exists('array_replace_recursive')) {
 return $base;
 }
 }
-?>
+?>
\ No newline at end of file
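Review bot: `ini_set('session.httponly','1')` names a directive that does not exist — the cookie flag is `session.cookie_httponly` — so the HttpOnly protection that the removed `session_set_cookie_params(0, '/', '', false, true)` call gave is silently lost; change it to `ini_set('session.cookie_httponly','1');`. The `session.cookie_path` value is built from `dirname(__FILE__)`, a filesystem path (with `'../'` appended without a separator), whereas the cookie Path attribute must be a URL path such as the `'/'` the old call used; a browser does not return a cookie whose Path does not prefix the request URL, so the session would likely not persist at all. `session_regenerate_id(true)` is called before `@session_start()`, when no session is active, so the call fails and the "prevent fixation" comment does not hold — move it after `session_start()` (`session.use_strict_mode` already rejects IDs the server did not issue). `session.hash_function` and `session.hash_bits_per_character` were removed in PHP 7.1, so those two `ini_set` calls have no effect on current PHP. The enclosing `if(!isset($_SESSION))` block lies fully inside the hunk.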