Can You Switch PHP Sessions In a Session?

Question

I have two apps that I\'m trying to unify. One was written by me and another is a CMS I am using. My authentication happens in the one I coded and I\'d like my CMS to know t

Answer 1

You should use session_id, you can use it to set / get the session id (or name).

So instead of using session_name (in your pseudo code), use session_id.

Answer 2

session_regenerate _id()

The manual explains this pretty well but here's some example from the manual

session_start();

$old_sessionid = session_id();

session_regenerate_id();

$new_sessionid = session_id();

echo "Old Session: $old_sessionid<br />";
echo "New Session: $new_sessionid<br />";

print_r($_SESSION);

Answer 3

Zend_Session offers Namespacing for sessions.

Zend_Session_Namespace instances are accessor objects for namespaced slices of $_SESSION. The Zend_Session component wraps the existing PHP ext/session with an administration and management interface, as well as providing an API for Zend_Session_Namespace to persist session namespaces. Zend_Session_Namespace provides a standardized, object-oriented interface for working with namespaces persisted inside PHP's standard session mechanism. Support exists for both anonymous and authenticated (e.g., "login") session namespaces.

Answer 4

Note: the answer below is not correct, please don't use or vote up. I've left it here as a place for discussion

You solution should work (not that I ever tried something like that), except that you have to manually close the previous session before any call to session_name() as otherwise it will silently fail.

You can try something like this:

session_write_close();
$oldsession = session_name("MY_OTHER_APP_SESSION");
session_start();

$varIneed = $_SESSION['var-I-need'];
session_write_close();
session_name($oldsession);
session_start;

There's no need to actually mess with the session ID value, either through PHP session ID manipulation routines or through manual cookie mangling - PHP will take care of all that itself and you shouldn't mess with that.

Answer 5

I've been working on perfecting this and here is what I've come up with. I switch to a parent session using session names in my child apps and then back to my child app's session. The solution creates the parent session if it does not exist.

$current_session_id = session_id();
$current_session_name = session_name();

session_write_close();

$parent_session_name = 'NameOfParentSession';

// Does parent session exist?   
if (isset($_COOKIE[$parent_session_name])) {

    session_id($_COOKIE[$parent_session_name]);
    session_name($parent_session_name);
    session_start();

} else {
    session_name($parent_session_name);
    session_start();

    $success = session_regenerate_id(true);
}

$parent_session_id = session_id();

// Do some stuff with the parent $_SESSION 

// Switch back to app's session
session_write_close();
session_id($current_session_id);
session_name($current_session_name);
session_start();

Answer 6

It is possible. But I think you have to do the session handling yourself:

session_name('foo');
// start first session
session_start();

// …

// close first session
session_write_close();

session_name('bar');
// obtain session id for the second session
if (ini_get('session.use_cookies') && isset($_COOKIE[session_name()])) {
    session_id($_COOKIE[session_naem()]);
} else if (ini_get('session.use_trans_sid') && !ini_get('session.use_only_cookies') && isset($_REQUEST[session_name()])) {
    session_id($_REQUEST[session_naem()]);
}
// start second session
session_start();

// …

But note that you might do some of the other session handling things like cookie setting as well. I don’t know if PHP does this in this case too.