Like in Java, securing/renaming the PHP Session ID is simply a configuration item, generally this value is set as a cookie, but occasionally gets used in cases of URL Rewriting.
On Ubuntu your settings can be changed as follows, Windows will use the same settings in the appropriate file:
sudo vi /etc/php5/apache2/php.ini
- Modify the following values as needed:
session.name = "PHPSESSID"
session.cookie_httponly = 1