Access to non-current-user sessions data in PHP

Question

Is it possible to access data in other users sessions than the sessions which is active with the currently connecting client ($_SESSION)?

If so, how?

score 2 · Answer 1 · answered Jan 02 '10 at 04:58

2

Yes, but it would be a hack. You would have to look at the session storage mechanism and read it directly. I believe it is files by default, stored in /tmp.

If you need to be more precise about it, consider defining your own session storage mechanism and then providing exta hooks to accomplish what you want.

http://www.php.net/manual/en/function.session-set-save-handler.php

answered Jan 02 '10 at 04:58

gahooa

131,293
12
98
101

Regarding defining custom session mechanism, it's an old write-up, but the principles alone should be helpful: http://shiflett.org/articles/storing-sessions-in-a-database – micahwittman Jan 02 '10 at 06:02

score 1 · Answer 2 · answered Mar 12 '10 at 01:14

Yes, call session_id() before session_start() and specify the ID you're interested in. The same function also returns the current session ID, which you can log or pass along elsewhere. You can do this multiple times, by closing the session, setting a new ID and restarting. It'll transparently provide access ($_SESSION). Remember to set it back, because it'll update the session ID cookie.

score 0 · Answer 3 · answered Mar 12 '10 at 01:00

0

you can retrieve the session data by setting the session id:

http://example.com/index.php?PHPSESSID=1234

where 1234 is the session id

answered Mar 12 '10 at 01:00

user292021

1

Access to non-current-user sessions data in PHP

3 Answers3