1)‘session.use_trans_sid”: on
[WHAT IS THIS AND HOW TO FIX IT?]

You may fix it in .htaccess
php_flag session.use_trans_sid off

2) [RELIABLE IPs DON’T GET BANNED?]
No. reliable IP won't be banned.

3)Protected IP bits for the session
[NOT SURE HOW THIS WORKS - CLOSES YOUR SESSION IF YOUR IP CHANGES?]

Some client moves his/her IP in some ranges.
eg)
192.168.1.3 - 1st access
192.168.1.203 - 2nd access
192.168.1.112 - 3rd access

All accesses should store the session.
In this case, 24bit is useful.

- 24bit protection
- A cracker knows the session_id
- access from 192.168.2.3 with the session_id

This session hi-jack never occurred.

I think 16bit is balanced value between IP round-range and cracker attacking possibility.


4) Force intval to variables like id
[ANYONE KNOW WHAT MODULES? I'VE NEVER HAD A PROBLEM WITH THIS]

Older weblog have the problem.
But the author tohokuaiki had already fixed it.