I have an API where I am passing the session id back and forth between calls. I set up the session like so:
// start API session
session_name('apikey');
session_id($data['apikey']); // required to link session
session_start();
Although I named my session and am passing the session id via GET and POST using the name, PHP does not automatically resume that session. It always creates a new one unless I set the explicitly set the session id.
I found some old user comments on www.php.net that said unless the session id is the first parameter PHP won't set it automatically. This seems odd, but even when I call tried it still didn't work: rest_services.php?apikey=sdr6d3subaofcav53cpf71j4v3&q=testing
I have used PHP for years, but am a little confused on why I needed to explicitly set the session with session_id() when I am naming the session and passing it's key accordingly.
UPDATE
It seems I wasn't clear. My question is why is setting the session ID with session_id() required when I am passing the id, using the session name apikey, via $_GET or $_POST. Theoretically this is no different than PHP's SID when cookies are disabled. But for me it doesn't work unless I explicitly set the session ID. Why?