Session sharing in PHP

Question

Consider the following scenario:

1. There are 2 pages in a server, namely: parent.php and child.php
2. parent.php sets a session containing highly-secretive information
3. parent.php then calls child.php via Ajax then process whatever information is received

The enigma: child.php needs to have the same session state as parent.php in order to give the information parent.php requested.

Is this possible?

Answer 1

Sessions are usually assigned through cookies being set and recognized. GET variables are also used sometimes, but is considered an elevated security threat, as the GET variable is visible in the URL.

PHP can be set to a certain level of strictness when it comes to when to re-use an existing session. You can, for example, fiddle with:

• cookie lifetime
• cookie domain settings
• cookie path
• if the IP needs to be the same every time
• if the user agent needs to be the same every time

The default settings are not very strict.

When all conditions are met, PHP will automatically re-use the existing session when session_start() is called.

Answer 2

As long as you call session_start() at the top of each script, both scripts are on the same domain, and the session cookie isn't confined to a subdirectory, the variables you set in $_SESSION on the first request will still exist in the second.