docs: add changelog and upgrade

Author: kenjis

user_guide_src/source/changelogs/v4.6.0.rst

@@ -90,6 +90,13 @@ environment, this behavior has been fixed so that error details are displayed if
 With this fix, the error details are now displayed under the same conditions for
 both HTML requests and non-HTML requests.
 
+Session ID (SID)
+----------------
+
+Now ``Session`` library forces to use the PHP default 32 character SIDs, with 4
+bits of entropy per character.
+See :ref:`Upgrading Guide <upgrade-460-sid-change>` for details.
+
 .. _v460-interface-changes:
 
 Interface Changes

user_guide_src/source/installation/upgrade_460.rst

@@ -126,6 +126,27 @@ The following is an example of code that will no longer work:
 
 .. literalinclude:: upgrade_460/001.php
 
+.. _upgrade-460-sid-change:
+
+Session ID (SID) Change
+=======================
+
+Now :doc:`../libraries/sessions` forces to use the PHP default 32 character SIDs,
+with 4 bits of entropy per character. This change is to match the behavior of
+PHP 9.
+
+In other words, the following settings are always used:
+
+.. code-block:: ini
+
+    session.sid_bits_per_character = 4
+    session.sid_length = 32
+
+In previous versions, the PHP ini settings was respected. So this change may
+change your SID length.
+
+If you cannot accept this change, customize the Session library.
+
 Interface Changes
 =================