From cb2a6082aa1c02915d54275474187a1c2ad18fe6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20D=C3=BCsterhus?= <tim@bastelstu.be>
Date: Sun, 3 Nov 2024 20:30:56 +0100
Subject: [PATCH] session: Remove session ID-format related INIs from
 session/security.xml

These are deprecated with PHP 8.4, because the defaults are fine.
---
 reference/session/security.xml | 23 -----------------------
 1 file changed, 23 deletions(-)

diff --git a/reference/session/security.xml b/reference/session/security.xml
index 025b4e382e02..ac1927417787 100644
--- a/reference/session/security.xml
+++ b/reference/session/security.xml
@@ -721,29 +721,6 @@
      </para>
     </listitem>
 
-    <listitem>
-     <para>
-      <link linkend="ini.session.sid-length">session.sid_length</link>="48"
-     </para>
-     <para>
-      (PHP 7.1.0 &gt;=) Longer session IDs results in stronger session IDs.
-      Developers should consider a session ID length of 32 characters or more.
-      At least 26 characters are required when
-      <link linkend="ini.session.sid-bits-per-character">session.sid_bits_per_character</link>="5".
-     </para>
-    </listitem>
-
-    <listitem>
-     <para>
-      <link linkend="ini.session.sid-bits-per-character">session.sid_bits_per_character</link>="6"
-     </para>
-     <para>
-      (PHP 7.1.0 &gt;=) The more bits there are in a session ID character,
-      the stronger the session ID generated by the session module is for an
-      identical session ID length.
-     </para>
-    </listitem>
-
     <listitem>
      <para>
       <link linkend="ini.session.hash-function">session.hash_function</link>="sha256"