First of all, bCrypt is a simple encryption, a one way hash and it is a bad standard to store bCrypt encrypted data in php session.
Secondly, php can write to a config file but it is risky due to future deployments and race conditions.
Solution : Store all of the database credentials using a strong symmetric cryptography algorithm like AES-256 with GCM, CTR, CFB, OFB mode. ECB mode is not secure and CBC mode can lead to oracle padding attacks.
Read more here -