turingmachine

Member
Jul 29, 2018
9
0
1
istanbul
cPanel Access Level
Website Owner
I'm using EasyApache4
I'm using PHP 7.3
I'm trying to increase PHPSESSID security and increase length..
I want set session.sid_length but it does not exist in MultiPHP.ini Editor
But session.hash_function exist. (But it seems it is not effective in PHP 7.3)
I set it to 1 and set Algorithm to SHA. But the PHPSESSID remains 32 hex character..
Is it a bug or is there another way of setting session.sid_length?
Regards..
 
Last edited:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
16,626
2,625
363
cPanel Access Level
Root Administrator
Hey there!

The best way I have found to achieve this is to add a custom .ini file inside the PHP configuration directory on the server. For example, if you wanted to make this change to PHP 7.3 you would add a file to the /opt/cpanel/ea-php73/root/etc/php.d/ directory with your setting in there. I simply created a file named "custom.ini" in that directory with the following entry:

Code:
session.sid_length=33
and then checked a phpinfo page on my site to confirm this change was applied.

If you are using CloudLinux the path the file would be /opt/alt/php73/etc/php.d/

Can you try that and let me know if that works well for you?
 

turingmachine

Member
Jul 29, 2018
9
0
1
istanbul
cPanel Access Level
Website Owner
Hi,
I have solved my issue by adding a new entry just under session.hash_bits_per_character entry...
as like that..
session.sid_length=xx
I have checked and it's working.
Best Regards.