Don't set cookie_path or use strict mode

Using cookie_path on IE has an issue and causes session, then CSRF
issues
Stop using strict_mode as causes a problem on some setups
Add notes to these and httponly re IE and PHP version

lib/settings-common.php

@@ -22,13 +22,14 @@ if(!isset($_SESSION)) {
 	ini_set('session.name','ICEcoder_Cookie');			// Set a seperate cookie session name
 	ini_set('session.cookie_lifetime','0');        			// Until the browser restarts by default
 	ini_set('session.cookie_domain','');				// This domain only
-	ini_set('session.cookie_path',str_replace($_SERVER['DOCUMENT_ROOT'],'',dirname(dirname(__FILE__)))); 	// ICEcoder path only
+//	ini_set('session.cookie_path',str_replace($_SERVER['DOCUMENT_ROOT'],'',dirname(dirname(__FILE__)))); 	// ICEcoder path only, fails ON IE
 	ini_set('session.use_trans_sid','0');				// Ensure this insecure feature is disabled
 	ini_set('session.hash_function','sha512');			// Use Sha512 for session
 	ini_set('session.hash_bits_per_character','6');			// Specify hash scheme of 0-9,a-v,A-Z,-,,
-	ini_set('session.use_strict_mode','1');				// Reject any session ID that was user provided and not generated by the session
-	ini_set('session.httponly','1');				// Only allow http protocol (ie, not JS) access to the cookie
+//	ini_set('session.use_strict_mode','1');				// Reject any session ID that was user provided and not generated by the session			(since PHP 5.5.2)
+	ini_set('session.httponly','1');				// Only allow http protocol (ie, not JS) access to the cookie						(since PHP 5.2.0)
 	ini_set('session.save_path',dirname(__FILE__).'/../tmp');	// Localise the session files to /tmp
+
 	if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
 		ini_set('session.cookie_secure','1');			// Only allows access to session ID when protocol is HTTPS, switched on under 'if https' condition 
 	}