I see quite some frameworks and CMS's that use their own session implementation instead of the native PHP session driver. All for their own reasons.
Examples of these are Wordpress, Laravel, CakePHP(somewhat).
What I am wondering is though, if they set a cookie manually and do session handling themselves how do they deal with thirdparty packages?
Thirdparty composer packages might interact with the default $_SESSION and might try and set session variables while $_SESSION is entirely not used.
Still with frameworks like Laravel from what I can remember it still interacts perfectly fine with thirdparty packages and they all get put into their own session implementation.
Would love to know from somebody who might have some experience with this.
edit
An example of a thirdparty package might be a php debugbar which can read from $_SESSION and insert it's own variable if needed. I know frameworks like Laravel have their own debugbar implementation for this that does not interact with the native $_SESSION.
I guess I want to know if it's viable to totally run your own $_SESSION implementation without having too much trouble.
It might not be a perfect answer but here is at least what I found out from dealing with custom sessions implementations & the latest Laravel install.
In Laravel 5.6 $_SESSIONglobal does not exist no session exists however when using the Session::all() it returns token of the session. This is logical.
Route::get('/', function () {
dump(Session::all());
dd($_SESSION);
return view('welcome');
});
Returns
array:3 [▼
"_token" => "G22ETumV1CQoolo2sAV0SA4wWmxFrZjTXTli7ico"
"_previous" => array:1 [▼
"url" => "http://127.0.0.1:8000"
]
"_flash" => array:2 [▼
"old" => []
"new" => []
]
]
And the dd
ErrorException in web.php line 16:
Undefined variable: _SESSION
From my own testing my conclusion is if the composer package that interacts with Sessions does not implement a Laravel ServiceProvider it will not be able to do anything with session.
Hope this is helpful response.