For complete session cookie control I use this snippit
<?php
session_set_cookie_params( [
'lifetime' => 0,
'path' => '/',
'domain' => $_SERVER['HTTP_HOST'],
'samesite' => 'Strict',
] );
session_start( [
'name' => 'SESSION',
'sid_length' => 96,
'sid_bits_per_character' => 6,
'use_strict_mode' => true,
'referer_check' => $_SERVER['HTTP_HOST'],
] );
?>
This will set the params to the recommended ones and generates a cookie id of reasonable quality.