Exploring Sessions in MODx

MODx uses the default PHP function session_start(), using the server filesystem to store session files. Depending on how the server is configured, this is usually in the /tmp directory. Cookies are usually used to maintain the session across page requests, although the server may be configured to pass the session ID in the URL query string instead. Session lifetime depends on the site's PHP settings. See the PHP documentation for more details.

MODx generates a unique session name for each MODx installation when it creates the config.inc.php file, around line 17. The session is started in the main index.php file, around line 109, using a function startCMSSession() (defined near the bottom of the config.inc.php file), before the document parser is instantiated.

 This session is available to any snippet, module or plugin code. When using external AJAX processors, however, the session_name must be set and the session started as part of the processor's code, unless you use a MODx resource with a snippet to act as the AJAX processor.

On first accessing the site, the SESSION array will be empty. A logged-in Manager user requesting front-end pages (using the Site -> Preview menu item, for example) will have a session already started.

If you were to log in to the Manager from sottwell.com, and view this page from www.sottwell.com, you would not see the SESSION values for the Manager user. This is because the www subdomain is treated as a different domain. This won't happen, though, since I have a rewrite rule in my .htaccess file to rewrite all sottwell.com requests to www.sottwell.com.

This page was generated by MODx, and you can view your SESSION values below.  Note how they will change depending on whether or not you are logged in.

To observe how these SESSION values change, log in as the test user (test - testing) and you'll also see a new menu item under "Articles". Log in to this site's MODx manager as the guest manager user (guest - guestuser). Log in as both! Log in from different browsers or computers at the same time and compare the values.

Web User Login Form

Session ID:

a06507d1fa59e1bbe8246a7329a80f1e

SESSION values:

Array
(
    [webUserGroupNames] => Array
        (
        )

)