go to bug id or search bugs for
From manual page: http://www.php.net/function.session-name
Documentation mentions that only alphanum chars should be used as a session name since the name can be used in URLs and cookies.
This is a bit too restrictive and prevent for example to use the cookie prefixes restriction  browser feature.
According to RFC1738 and RFC3986 the characters $-_.+!*'(), should also be safe to use in URLs and it seems that RFC6265 does not add more limitations for cookies. These characters can probably be added to the documentation as "safe to use" as the name of a session.
Add a Patch
Add a Pull Request
I believe this is due to legacy reasons. In past, PHP had register globals settings, which means cookie names must meet PHP variable naming restrictions. This option no longer exists, so I think this restriction should be elevated.