The Session ID can be configured far more so than your little "test" checks for.
From my own php.ini:
; Select a hash function for use in generating session ids.
; Possible Values
; 0 (MD5 128 bits)
; 1 (SHA-1 160 bits)
; This option may also be set to the name of any hash function supported by
; the hash extension. A list of available hashes is returned by the hash_algos()
session.hash_function = 1
; Define how many bits are stored in each character when converting
; the binary hash data to something readable.
; Possible values:
; 4 (4 bits: 0-9, a-f)
; 5 (5 bits: 0-9, a-v)
; 6 (6 bits: 0-9, a-z, A-Z, "-", ",")
; Default Value: 4
; Development Value: 5
; Production Value: 5
session.hash_bits_per_character = 6
But honestly, your "test" is superfluous. If the session ID is invalid or false it won't match any existing session ID and won't be used to any great extent. PHP already handles these things internally.
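
How the two directives quoted in the post above change what a session ID looks like, as an added example that is not part of the original post. session_id_pattern() is a hypothetical helper; it assumes the ID is the full digest encoded at the configured bits per character, on a PHP version that has these two directives.

```php
<?php
// Added example: session_id_pattern() is a hypothetical helper, not a PHP built-in.
// It derives the regex a session ID should match for a given pair of
// session.hash_function / session.hash_bits_per_character values.

function session_id_pattern($hashFunction, int $bitsPerChar): string
{
    // Character classes as listed in the php.ini comments.
    $alphabets = [
        4 => '0-9a-f',
        5 => '0-9a-v',
        6 => '0-9a-zA-Z,-',
    ];
    if (!isset($alphabets[$bitsPerChar])) {
        throw new InvalidArgumentException('bits per character must be 4, 5 or 6');
    }

    // 0 and 1 are the numeric shortcuts for MD5 and SHA-1;
    // any other value is treated as a hash extension algorithm name.
    $shortcuts = ['0' => 'md5', '1' => 'sha1'];
    $algo = $shortcuts[(string) $hashFunction] ?? (string) $hashFunction;
    if (!in_array($algo, hash_algos(), true)) {
        throw new InvalidArgumentException("unknown hash function: $algo");
    }

    // Digest size in bits, measured from the raw output of the algorithm.
    $bits = strlen(hash($algo, '', true)) * 8;

    // Assumption: every digest bit is encoded, so the last character may be partial.
    $length = (int) ceil($bits / $bitsPerChar);

    return '/\A[' . $alphabets[$bitsPerChar] . ']{' . $length . '}\z/';
}

// Constructed settings: the values from the post (1, 6) beside other combinations.
$settings = [[0, 4], [0, 5], [1, 4], [1, 6], ['sha256', 5]];
foreach ($settings as [$fn, $bpc]) {
    printf("hash_function=%s bits_per_character=%d => %s\n",
        $fn, $bpc, session_id_pattern($fn, $bpc));
}

// A fixed 32-hex-character check only fits MD5 at 4 bits per character.
$fixedCheck = '/\A[0-9a-f]{32}\z/';
var_dump(session_id_pattern(0, 4) === $fixedCheck); // MD5, 4 bits
var_dump(session_id_pattern(1, 6) === $fixedCheck); // the post's settings
```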