Why is Symfony Session data encrypted on my production server?
I want to share a single authentication method for two Symfony websites sharing the same top domain. I use a cookie valid on all subdomains and sfPDOSessionStorage for keeping session data.
factories.yml is set up like this on both projects:
    all:
      storage:
        class: sfPDOSessionStorage
        param:
          database: doctrine
          db_table: sessions
          session_name: myauth
          db_id_col: id
          db_data_col: sess_data
          db_time_col: time
          session_cookie_domain: ".mydomain.net"
          session_cookie_lifetime: 86400
          session_cookie_path: /
On my development machine and on my co-workers' machines this mechanism is working fine, but on the server it does not (I'm asked for credentials when I switch sub-domains). The only difference I see between the two environments is the format in which the data is stored: the data seems to be encrypted on the prod server but appears in clear text on my machine. There's no sensitive data here, so I can post an example:
Dev environment sess_data:
symfony/user/sfUser/lastRequest|i:1295349567;symfony/user/sfUser/authenticated|b:0;symfony/user/sfUser/credentials|a:0:{}symfony/user/sfUser/attributes|a:1:{s:30:"symfony/user/sfUser/attributes";a:1:{s:7:"referer";s:0:"";}}symfony/user/sfUser/culture|s:2:"fr";
Production server sess_data:
BB7HBTsQg75NNGvb9Z8sexldqbS79YzDgrztQzSFhsUpEk2EeCOtKw8FQbm31vLIRyr3ZP_klwZFXywnkdem27naIWjIVBP_WwpwNRg4IMj1J0fIfxJN_UOw2RbCWh91L5ryCD_7_ynN2UtxfuJwUWnxoGuUvqD8YQxNdczQipmktPVFk1mVfKE1-BsrdHHLIXH_gi44-Bos3f-EshE5skuQpachnY1FkgvvvOuXEj7zxPflgA3xtGoqJxkDijT-uKnQCH4TrimhvkIRGCt0oVuOdsAJzuWW6ijgPCD3X767mSIzm_lQmJoSGxDB7fAgFihB7Ljoq0tsysC62BqTYFB6dTnuZoj3KON8lXlyNJZVyLgTWZ3EYoObtc8jCKYNDonSjEqzTvwg4NJRVoB5ePx61iTqbDd9qFlkryzj9J8.
I haven't got a clue which encryption type is used to store information in the database, nor am I sure that this is the root of my problems but as this is the only difference I can spot, I don't see any other explanation. (PHP and MySQL versions are identical, with Ubuntu 10.10 on my side and Debian Squeeze server-side).
I think there's some module installed on your production server responsible for encrypting the session's data.
For example, the Suhosin patch adds such a feature to PHP: http://www.hardened-php.net/suhosin/configuration.html
It's activated by the suhosin.session.encrypt configuration option in php.ini.
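As an added example (not code from the question, the answer or Symfony), here is a small Python checker that tells the two sess_data formats apart: it parses the plain `name|<php serialized value>` records that sfPDOSessionStorage writes and reports anything it cannot parse, such as a single base64url-style token of the kind Suhosin produces, as opaque. The production-style input is a constructed stand-in, not the real blob.

```python
import re
from typing import Any, Tuple

# Constructed inputs: the dev record from the question, and a short stand-in
# that only imitates the production blob's character set (not real data).
DEV_SAMPLE = (
    'symfony/user/sfUser/lastRequest|i:1295349567;symfony/user/sfUser/authenticated|b:0;'
    'symfony/user/sfUser/credentials|a:0:{}symfony/user/sfUser/attributes|a:1:'
    '{s:30:"symfony/user/sfUser/attributes";a:1:{s:7:"referer";s:0:"";}}'
    'symfony/user/sfUser/culture|s:2:"fr";'
)
PROD_SAMPLE = "BB7HBTsQg75NNGvb9Z8sexldqbS79YzDgrztQzSF_klwZFXy-ynN2Utx."

def _unserialize(s: str, i: int) -> Tuple[Any, int]:
    """Minimal PHP unserialize (N, i, b, d, s, a); returns (value, next offset)."""
    t = s[i]
    if t == "N":                                  # N;
        return None, i + 2
    if t in "ibd":                                # i:42;  b:1;  d:1.5;
        end = s.index(";", i)
        raw = s[i + 2:end]
        return {"i": int, "b": lambda v: v == "1", "d": float}[t](raw), end + 1
    if t == "s":                                  # s:<len>:"<bytes>";  (ASCII assumed)
        colon = s.index(":", i + 2)
        n, start = int(s[i + 2:colon]), colon + 2
        return s[start:start + n], start + n + 2
    if t == "a":                                  # a:<count>:{<key><value>...}
        colon = s.index(":", i + 2)
        n, i, out = int(s[i + 2:colon]), colon + 2, {}
        for _ in range(n):
            k, i = _unserialize(s, i)
            out[k], i = _unserialize(s, i)
        return out, i + 1                         # skip the closing '}'
    raise ValueError(f"unsupported PHP type {t!r} at offset {i}")

def parse_php_session(data: str) -> dict:
    """Parse sfPDOSessionStorage's 'name|<php serialized>' pairs into a dict."""
    out, i = {}, 0
    while i < len(data):
        bar = data.index("|", i)                  # ValueError if no pair starts here
        out[data[i:bar]], i = _unserialize(data, bar + 1)
    return out

def classify(data: str) -> str:
    # 'plaintext' if it parses; 'opaque' for one base64url-like token (Suhosin-style)
    try:
        parse_php_session(data)
        return "plaintext"
    except (ValueError, IndexError):
        pass
    return "opaque" if re.fullmatch(r"[A-Za-z0-9_\-]+\.?", data) else "unknown"
```

Run `classify()` over a few rows of the sessions table in each environment; a backend that returns "plaintext" on one host and "opaque" on the other confirms that something on the second host rewrites session data before it reaches the database.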