Session class has a method _configure_sid_length() that may provide some clues. Like for instance in some cases it does:
PHP Code:
ini_set('session.hash_function', 1);
and in some cases it does:
PHP Code:
ini_set('session.sid_length', $sid_length);
That would for sure make a difference. CodeIgniter will drop the session if there is no regex match for the session ID. The good news for you is that this method is easy to use outside of CodeIgniter. I think technically all you need is the upper 37 lines.
