I would like to know if it is possible to read $_SESSION attributes without locking it.
Currently, session_start() locks SESSION, that means other PHP processes will wait until it is unlocked.
But, some processes just want to get some $_SESSION variables, not to write on them.
Is that possible to implement some function like session_get(string $id) which doesn’t lock SESSION?
Also, it is possible to share SESSIONs between browsers, once the user is logged in the same account, for example, using session_id('shared_vars_of_'.$userid). But, is that secure? Is this discouraged?
Thanks,
Nuno
Interesting question!
session_write_close() is not exactly what you’re asking for but it should help speed up the process:
A script that needs only read-only access could start the session, copy the session variables into another array and apply session_write_close(). It won’t be a fully read-only solution – it could be that you’d need to build your own session handler for that – but it should be a big step forward.
Update: I just found an interesting issue from 2001 in the PHP 4 tracker that seems to introduce a patch enabling read only sessions – it doesn’t seem to have made it to the official releases, though, at least not according to the documentation! Maybe it’s worth digging further or reopening the Ticket for PHP 5.