In relation to this topic, does the session start automatically whenever a user visits my site? Or I should start it manually? Recently I noticed in many cases this `getId` method returns empty string. Are there any known bugs associated with this method?

Session should start automatically and always be there. The exception may be if a browser has cookies disabled.

There are various session storage engines that sit behind php: files, database, memory etc. Session issues can arise if c5 and environment session handler are not agreeing on configuration.

Thank you JohntheFish.
But I did a number of tests and I guess the session starts only for logged-in users. I set this code in \application\bootstrap\app.php:

and it always spits out "empty" for not logged-in visitors.

Then I tested this:

And it generates the id for every visitor. Does it make sense? Or am I missing something here?

There should always be a session, even if a guest has cookies disabled there should be a session that lasts as long as the request.

The usual situation is a guest has cookies enabled, so they will have a session cookie set that will be used to associate them with server-side session data between requests.

You shouldn't need to start a session. It will already be started by c5. Perhaps that is what is going wrong, you are starting a new session and it is empty because you just started it.
[edit] though reading again, you are testing the opposite of that.

So how should i justify the first piece of code? I guess the "on_shutdown" is triggered at the very end of a request cycle. And as I checked, for non-logged-in users, it always returns empty.