I should add this to the FAQ, but there are some quick instructions listed with the underlying Sessionz library: https://github.com/ericmann/sessionz#encryptionhandler. Copying here for simplicity …
Sessions stored on disk (the default implementation) or in a separate storage system (Memcache, MySQL, or similar) should be encrypted at rest. This handler will automatically encrypt any information passing through it on write and decrypt data on read. It does not store data on its own.
This handler requires a symmetric encryption key when it’s instantiated. This key should be an ASCII-safe string, 32 bytes in length. You can easily use Defuse PHP Encryption (a dependency of this library) to generate a new key:
$rawKey = Defuse\Crypto\Key::createNewRandomKey();
$key = $rawKey->saveToAsciiSafeString();
