What does `session.entropy_length` in `PHP.ini` do?
In the session section of PHP.ini there is a directive called session.entropy_length . I'm aware that it's used to make the generation of the session id more random. How does it do that? What is the maximum length? What if it's exceeding the bits of the hash in use? session.entropy_length specifies the number of bytes which will be read from the file specified above. Defaults to 0 (disabled). PHP Manual The "file mentioned above" is session.entropy_file 'entropy' for sessions is related to the randomness of session id values 来源: https://stackoverflow.com/questions/34966472/what-does-session