What is best practice regarding the naming of the PHPSESSID cookie? Symfony2 allows you to change this via the configuration and you can also change it in php.ini's session.name.
Why would you want to though?
It allows you to run multiple applications on the same site that each need their own cookies to perpetuate the session id. Of course, the same could also be accomplished by setting the session cookie path and/or cookie domain properly.
Another reason could be that you want to hide the fact that you're using PHP and the name PHPSESSID is pretty indicative of that fact.
Or you just don't like the name; it's very much up to you, the developer, to choose a pretty name if you want to.
It may also be considered as a kind of trivial "security through obscurity" practice. Various HTTP fingerprinting applications try to detect the technologies used to implement a web application by monitoring the server header, page prefixes, session ID cookie name (which you'll change) and behavior of the web server upon receiving crafted requests.
Although this kind of stuff barely increases the security of web apps, it may be used to fool potential attackers. Jack's answer points out the main benefit.
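Added example, not part of the original question or answers: one way to give each application on the same site its own session cookie, combining the custom name and the cookie path that the first answer mentions. The helper `start_app_session()`, the names `shopsid`/`blogsid` and the paths `/shop`/`/blog` are hypothetical; it assumes PHP 7.3+ and an HTTPS site.

```php
<?php
declare(strict_types=1);

/**
 * Start a session whose cookie is named and path-scoped for one application.
 * Hypothetical helper for illustration; call it before any output is sent.
 */
function start_app_session(string $name, string $path): void
{
    // session_name() expects alphanumeric characters and at least one letter;
    // reject anything else instead of silently falling back to PHPSESSID.
    if (!preg_match('/^(?=.*[A-Za-z])[A-Za-z0-9]+$/', $name)) {
        throw new InvalidArgumentException("Unusable session name: {$name}");
    }

    // Normalise to "/segment/" so the cookie is scoped to this application.
    $path = '/' . trim($path, '/') . '/';
    if ($path === '//') {
        $path = '/';
    }

    // Refuse session IDs that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');

    // Both calls must happen before session_start().
    session_name($name);
    session_set_cookie_params([
        'lifetime' => 0,       // session cookie, dropped when the browser closes
        'path'     => $path,   // only sent for requests under this path
        'secure'   => true,    // assumption: the site is served over HTTPS
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Front controller of the shop application (constructed values):
start_app_session('shopsid', '/shop');

// The blog's front controller would call instead:
// start_app_session('blogsid', '/blog');

// Path scoping only decides which requests carry the cookie; it does not
// isolate applications that share an origin from each other.
```

The same name can be set globally through `session.name` in php.ini, as the question notes; setting it in code keeps the choice per application.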