session.hash_function

[turingmachine]

I'm using EasyApache4
I'm using PHP 7.3
I'm trying to increase PHPSESSID security and increase length..
I want set session.sid_length but it does not exist in MultiPHP.ini Editor
But session.hash_function exist. (But it seems it is not effective in PHP 7.3)
I set it to 1 and set Algorithm to SHA. But the PHPSESSID remains 32 hex character..
Is it a bug or is there another way of setting session.sid_length?
Regards..

 

[cPRex]

Hey there!

The best way I have found to achieve this is to add a custom .ini file inside the PHP configuration directory on the server. For example, if you wanted to make this change to PHP 7.3 you would add a file to the /opt/cpanel/ea-php73/root/etc/php.d/ directory with your setting in there. I simply created a file named "custom.ini" in that directory with the following entry:

session.sid_length=33

and then checked a phpinfo page on my site to confirm this change was applied.

If you are using CloudLinux the path the file would be /opt/alt/php73/etc/php.d/

Can you try that and let me know if that works well for you?

 

[turingmachine]

Hi,
I have solved my issue by adding a new entry just under session.hash_bits_per_character entry...
as like that..
session.sid_length=xx
I have checked and it's working.
Best Regards.

 

[cPRex]

Great - I'm glad that's working well!!!