Set up security of php.ini

Settings in php.ini:
expose_php = Off
session.cookie_httponly = 1
session.cookie_secure = 1
session.cookie_samesite = Lax (from PHP 7.3)