changed the hashing algorithm from sha1 to sha256 due to security problems

[lucianidev]

hello,
in the issue #989 the user references a vulnerability in the hashing algorithm sha1. The hashing method resulted vulnerable to hash collision, making it insecure. I changed the hashing method from sha1 to sha256 making it more secure. Tell me about any problems.
I hope you have a good day

Documentation:
https://crypto.stackexchange.com/questions/48289/how-secure-is-sha1-what-are-the-chances-of-a-real-exploit
https://www.quora.com/How-secure-is-SHA1-What-are-the-chances-of-a-real-exploit
https://stackoverflow.com/questions/38038841/why-is-sha-1-considered-insecure

[jonchurch]

sha1 is being used as a fast and efficient hash to detect changes in the session object

It is not cryptographically relevant, nor used for signing purposes.

[krko12345]

Hello team, is this going to be addressed at some point soon?
Session is being reported as vulnerability by monitoring tools because of its use of sha1.

[bjohansebas]

One option would be to allow the user to choose which hashing algorithm to use

[jonchurch]

@bjohansebas I wouldn't accept that change personally. Adding an additional config for internals of the library that consumers don't have to worry about is net negative IMO.

I understand that some automated security tools flag SHA-1 as a general vulnerability, but in this specific case, it’s a false positive. Switching to SHA-256 would introduce unnecessary overhead without adding security benefits.