session_* can be misused if the developer is not careful about closing the session as soon as possible to avoid it being open during the entire request (mostly a problem for the default file session storage).
Personally I store a token in my own cookie and then read from whatever storage. No need to correctly implement SessionHandlerInterface (which can be tricky to get right).
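An added example, not code from the comment above, of the cookie-token pattern it describes: a random token goes in a cookie and the data lives in separate storage, so no session file lock is held during the request. The cookie name, table layout, SQLite file and one-hour lifetime are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Assumed names and lifetime; adjust to the application.
const COOKIE_NAME = 'app_token';
const LIFETIME    = 3600; // seconds

function store(): PDO
{
    // Assumed storage: a SQLite file. Any store with atomic reads and writes works.
    $pdo = new PDO('sqlite:' . sys_get_temp_dir() . '/app_tokens.sqlite');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE IF NOT EXISTS tokens (
        token_hash TEXT PRIMARY KEY, data TEXT NOT NULL, expires INTEGER NOT NULL)');
    return $pdo;
}

function issueToken(PDO $pdo, array $data): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $stmt  = $pdo->prepare('INSERT INTO tokens VALUES (?, ?, ?)');
    // Only the hash is stored, so a leaked table does not yield usable tokens.
    $stmt->execute([hash('sha256', $token), json_encode($data), time() + LIFETIME]);
    setcookie(COOKIE_NAME, $token, [
        'expires'  => time() + LIFETIME,
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    return $token;
}

function loadData(PDO $pdo, mixed $token): ?array
{
    // A cookie can arrive as an array or arbitrary text; accept only 64 hex characters.
    if (!is_string($token) || preg_match('/\A[0-9a-f]{64}\z/', $token) !== 1) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT data FROM tokens WHERE token_hash = ? AND expires > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : json_decode($row['data'], true);
}

// Per request: one short read, no lock held while the rest of the request runs.
$pdo  = store();
$data = loadData($pdo, $_COOKIE[COOKIE_NAME] ?? null) ?? [];
```

As with a regenerated session ID, a fresh token should be issued and the old row deleted whenever the privilege level changes, such as at login.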