[Solved] Session Hash Algo in PHP 7.2


#1

Hi,

I’m sorry about posting something offtopic here (feel free to delete this if it’s deemed offensive) but I recently upgraded to PHP 7.2 and discovered that the session.hash_function directive is no longer supported.

Now, this is where the link to Slim comes in (and I’m assuming that there are quite a few security conscious people here): Given that this php.ini directive is gone, how would one make PHP use a more secure session hashing function?

Before you think I’m just plain lazy, I’ve spent some time googling this and haven’t come up with anything useful, so I’d figure I’d ask here.

Again, apologies for this (semi) offtopic post.


#2

Figured it out through some experimentation, you can just increase “session.sid_length” in php.ini … hashing has apparently been removed as a simplification and a performance optimization.