This manual page says:
Note: As of PHP 5.4.0 session.entropy_file defaults to
/dev/urandomor/dev/arandomif it is available. In PHP 5.3.0 this directive is left empty by default.
So, what's /dev/arandom and how does it differ from /dev/[u]random?
From here. It appears as though arandom will guarantee that sufficient entropy is present before returning the amount of data requested. It also appears to be limited to OpenBSD implementations. urandom will return the amount of data requested no matter whether there is enough entropy -- which obviously could introduce a vulnerability if there is not enough.
This page does a reasonable job explaining what the device is:
As required, entropy pool data re-seeds an ARC4 generator, which then generates high-quality pseudo-random output data.
More information about the underlying technique is available from Wikipedia.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 祖国的老花朵 的文章《What is /dev/arandom?》','https://www.manongdao.com/article-951479.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}