What is a good and secure session name?


Staff member
I've been a php developer for several years but mostly using a open source CMS such as wordpress or drupal. Both of these manage sessions in their own way and for the most part I never paid attention to them. Now I am building a custom website without using these cms's which means I need to manage the session myself. As this has lots of security implications I wanted more information about it. I understand security threats affecting form building and url's and general input but very little about session threats.
I noticed in my chrome inspector that my session cookie was named &quot;PHPSESSIONID&quot;. This is of course kind of gross. So I found I could change it using either
session.name = &quot;mysitename&quot;
or change it in the code using some value such as
session_name('mysite_' . $some_value);
<h1>The question.</h1>
<strong>What should I be setting this session name too?</strong> Is there a web standard for this? I did search for one and found nothing maybe I have the wrong key-words.
<strong>What are the security implications of setting this name?</strong> Should I include some specific variable in the name or not include a variable due to some possible conflicts. I'm really starting from scratch on the security side here so any info helps.