As the title asks,
What are the pros and cons of high PHP session.sid_bits_per_character and session.sid_length?
The obvious pros are that higher bits and length mean it is even harder to brute force or get overlaps, but are there many or any cons aside from the vague compatibility problem?
I ask because that is as much information as the manual provides.
https://www.php.net/manual/en/session.configuration.php#ini.session.hash-function
I can imagine possible cons, but these are at most dumb guesses.
- longer length means bigger cookies and longer processing, and also longer RDBMS ID matching (with the unique, key column constraints? But as a key column, it shouldn't matter, right?)
- longer to generate? Maybe but probably by an impactable amount??
Is there any reason NOT to change these 2 settings to the following in the php.ini file?
session.sid_bits_per_character = 6
session.sid_length = 256
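
To put numbers on the trade-off asked about above, here is an added example (not part of the original post and not PHP's own code) that models a session ID as `sid_length` characters carrying `sid_bits_per_character` random bits each, then reports entropy, cookie size, and collision and guessing bounds. The `PHPSESSID` cookie name, the figure of 1,000,000 live sessions, and the helper names `make_sid` and `profile` are assumptions made for illustration.

```python
import math
import secrets

# Character set from the PHP manual: 4 bits -> 0-9a-f, 5 bits -> 0-9a-v,
# 6 bits -> 0-9a-zA-Z plus "," and "-" (the first 2**bits characters are used).
ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-"


def make_sid(length, bits_per_char):
    """Model a session ID: `length` characters of `bits_per_char` random bits each."""
    if bits_per_char not in (4, 5, 6):
        raise ValueError("session.sid_bits_per_character must be 4, 5 or 6")
    if not 22 <= length <= 256:
        raise ValueError("session.sid_length must be between 22 and 256")
    value = secrets.randbits(length * bits_per_char)  # CSPRNG, not random.random()
    mask = (1 << bits_per_char) - 1
    chars = []
    for _ in range(length):
        chars.append(ALPHABET[value & mask])
        value >>= bits_per_char
    return "".join(chars)


def profile(length, bits_per_char, cookie_name="PHPSESSID", live_sessions=1_000_000):
    """Return the security and size figures for one pair of settings."""
    sid = make_sid(length, bits_per_char)
    entropy = length * bits_per_char
    return {
        "entropy_bits": entropy,
        # Bytes of "name=value" sent in the Cookie header on every request.
        "cookie_bytes": len(f"{cookie_name}={sid}"),
        # Birthday bound: about 2**(entropy/2) IDs issued before a 50% collision chance.
        "log2_ids_for_collision": entropy / 2,
        # About this many guesses (as a power of two) to hit any one live session.
        "log2_guesses": entropy - math.log2(live_sessions),
    }


if __name__ == "__main__":
    # (length, bits): the manual's defaults and the values proposed in the question.
    for label, (length, bits) in {"default": (32, 4), "proposed": (256, 6)}.items():
        print(label, profile(length, bits))
```

For the default 32 × 4 settings this reports 128 bits of entropy and a 42-byte cookie pair; for 256 × 6 it reports 1536 bits and 266 bytes.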