Session encryption settings is controlled via .env's parameter

SESSION_ENCRYPT

It also could be overriden via /config/session.php encrypt seting