derickr, 11 days ago

@itsjoshbruce Maybe set the https://www.php.net/manual/en/session.configuration.php#ini.session.name setting to something that isn't PHPSESSID? You're... going to need a cookie regardless.

bhhaskin, 11 days ago

@derickr @itsjoshbruce yeah the cookie itself is not the session data, but just an ID that points at the session data.

derickr, 11 days ago

@bhhaskin @itsjoshbruce Yes exactly... so what would you want to do different?

itsjoshbruce, 11 days ago

@derickr @bhhaskin: Well done!

I didn't know session_name was a thing, and definitely clean for changing the key.

I think this will do the trick of step 1 - change the cookie key. And, step 2 - set custom ID:
session_name($sessionName);

/** Custom ID logic */

session_id($customId);

session_start();

No custom class implementing session handler interface is necessary...at least that I'm aware of as of now

Thank!

bhhaskin, 11 days ago

@itsjoshbruce @derickr keep in mind that some hosts will block custom cookies. (https://docs.pantheon.io/cookies#why-isnt-my-cookie-being-savedretrieved)

This is due to caching configurations.

itsjoshbruce, 11 days ago

@bhhaskin @derickr: Good looking out, and fair.

I'll go with the simple approach first. Make sure it works locally, then deploy it to production and verify it will also work there before getting too far into the rest of the solution.

Nothing sucks more than "it works on my machine" - and, your server being like "I'm not your machine. [insert maniacal laughter here]"