Support

TL;DR: Don't use Shared Sessions.

Admin Tools does not change your configuration.php settings, except for the temp and log paths and even these if and only if you use the specific feature to check their validity in Admin Tools and you explicitly consent in changing them.

Shared Sessions is a convenience feature which comes at the expense of security. Logging into the backend or the frontend of the site also logs you into the other side of the application at the same time. In my opinion this is nonsense. If you really need to switch between front- and backend all that much just use WebAuthn and a password manager to log into the site. What I mean is enable WebAuthn (adding your platform-specific biometrics or PIN for every device and OS you are using). Then, in your password manager (which can be the browser's built-in one) save the correct username and the wrong password. When you visit a page of your site which requires authentication the password manager automatically fills in the username and password fields — the latter isn't needed but password managers generally refuse to fill in just a username, hence the need for a wrong password. Then click on WebAuthn and complete the login using your WebAuthn authenticator, biometrics, or PIN. Ta-da! You are logged in securely to your site.

Regardless of using Admin Tools, I recommend against using Shared Sessions in your Global Configuration for the reason you divined. Having a predictable session name is insecure in many ways. Moreover, it makes it far more dangerous falling victim to phishing or XSS since you are always logged into your site's backend even if you have only yourself logged into the frontend of the site. Security is about minimising your exposure, the Shared Sessions acting as a way which increases your exposure.

So, no don't use Shared Sessions. It's a bad idea from a security point of view.

You're welcome!