Recommended Session length?

For PHP 7.4, what is the recommended session length that I should be using to have the best security?

In DEV, in my php.ini file, session.sid_length = 26

According to the comments above that, it sounds like you can go up to 256.

Is it fair to assume that larger is more secure?

Also, if I set it to a larger size like 256, is there any risk of breaking things on my (VPS) web server running WHM/cPanel?


9 hours ago, requinix said:

The length of the session ID isn't even remotely as important as what you do with your sessions in code. Focus on that instead.

When I was searching last night for what the length might be, and where to find it, I saw an article by OWASP saying that your session id should be at least 128 bytes long to prevent against brute-force attacks, although I didn't read the article.

Would it hurt to change my php.ini file to have session.sid_length = 256 ?
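
Added example, not part of the thread: a small Python check that reads php.ini-style text and reports the session ID size (`session.sid_length` × `session.sid_bits_per_character`) together with `session.use_strict_mode`. The 128-bit threshold and the sample ini text are assumptions made for the illustration; the defaults and allowed ranges are PHP's documented ones for 7.1 and later.

```python
import re

# PHP built-in defaults for the session-ID directives (PHP 7.1+).
DEFAULTS = {"session.sid_length": "32",
            "session.sid_bits_per_character": "4",
            "session.use_strict_mode": "0"}
MIN_BITS = 128  # assumed review threshold, not a value taken from the thread

def parse_ini(text):
    """Collect 'key = value' pairs; skips ';' comments and [section] headers."""
    settings = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # fine for these numeric/bool values
        m = re.match(r"^([\w.]+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings

def audit_session_id(text, min_bits=MIN_BITS):
    """Return (id_bits, findings) for the session-ID settings in php.ini text."""
    s = parse_ini(text)
    length = int(s["session.sid_length"])
    bits_per_char = int(s["session.sid_bits_per_character"])
    findings = []
    if not 22 <= length <= 256:
        findings.append("sid_length outside 22..256")
    if bits_per_char not in (4, 5, 6):
        findings.append("sid_bits_per_character must be 4, 5 or 6")
    id_bits = length * bits_per_char  # size of one ID, in bits
    if id_bits < min_bits:
        findings.append(f"only {id_bits} bits per ID (< {min_bits})")
    if s["session.use_strict_mode"].lower() not in ("1", "on", "true", "yes"):
        findings.append("use_strict_mode off: unknown client-supplied IDs are accepted")
    return id_bits, findings

# Constructed sample resembling the DEV setting quoted in the question.
DEV_INI = """
[Session]
; constructed sample
session.sid_length = 26
session.sid_bits_per_character = 5
"""

if __name__ == "__main__":
    bits, findings = audit_session_id(DEV_INI)
    print(bits, findings)
```

The same 26-character ID is 104, 130 or 156 bits depending on `session.sid_bits_per_character`, so the length value alone does not say how large the ID space is.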

