diff --git a/user_guide_src/source/changelogs/v4.6.0.rst b/user_guide_src/source/changelogs/v4.6.0.rst index 4c34f05be882..d3dc4529d512 100644 --- a/user_guide_src/source/changelogs/v4.6.0.rst +++ b/user_guide_src/source/changelogs/v4.6.0.rst @@ -90,6 +90,13 @@ environment, this behavior has been fixed so that error details are displayed if With this fix, the error details are now displayed under the same conditions for both HTML requests and non-HTML requests. +Session ID (SID) +---------------- + +Now ``Session`` library forces to use the PHP default 32 character SIDs, with 4 +bits of entropy per character. +See :ref:`Upgrading Guide ` for details. + .. _v460-interface-changes: Interface Changes diff --git a/user_guide_src/source/installation/upgrade_460.rst b/user_guide_src/source/installation/upgrade_460.rst index da0875849156..a06729a30f29 100644 --- a/user_guide_src/source/installation/upgrade_460.rst +++ b/user_guide_src/source/installation/upgrade_460.rst @@ -126,6 +126,27 @@ The following is an example of code that will no longer work: .. literalinclude:: upgrade_460/001.php +.. _upgrade-460-sid-change: + +Session ID (SID) Change +======================= + +Now :doc:`../libraries/sessions` forces to use the PHP default 32 character SIDs, +with 4 bits of entropy per character. This change is to match the behavior of +PHP 9. + +In other words, the following settings are always used: + +.. code-block:: ini + + session.sid_bits_per_character = 4 + session.sid_length = 32 + +In previous versions, the PHP ini settings was respected. So this change may +change your SID length. + +If you cannot accept this change, customize the Session library. + Interface Changes =================
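Review bot: In the v4.6.0.rst changelog hunk, the new "Session ID (SID)" entry does not say that the ini values are now overridden, so a reader skimming the changelog cannot tell this is a behaviour change. The upgrade guide hunk states that the PHP ini settings were previously respected, and one sentence to that effect belongs here as well. The wording "Now ``Session`` library forces to use" is ungrammatical; suggest "The ``Session`` library now always uses the PHP default 32-character SIDs, with 4 bits of entropy per character." As rendered here, the :ref: role on the last added line shows no target; confirm it resolves to the upgrade-460-sid-change label that the upgrade_460.rst hunk adds.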
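Review bot: In the upgrade_460.rst hunk, the closing sentence "If you cannot accept this change, customize the Session library." gives no pointer to what to customize; name the class or method to extend, or link to the relevant section of the sessions documentation. The paragraph before it says the change "may change your SID length" but does not say whether sessions whose IDs were issued under other ini values remain valid after the upgrade. It would also help to state that 32 characters at 4 bits each gives 128 bits per SID, since that is the figure an operator who had raised either setting needs to compare against. Grammar: "the PHP ini settings was respected" should be "were respected", and "forces to use" should be "forces the use of".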