I have a page on my site that allows me to "spoof" into any user registered. This works by serializing my current session, building a new session based off of the spoofed users credentials, then storing my original serialized session in this new session so I can later return to my own identity.
I have a problem with actually storing the session however. After I write all the new session data to the $SESSION array and the script ends, the acutal session file on the server has not changed, so the spoof is incomplete. To work around this I have used the following code to copy the $SESSION array, close the session, reopen it, then copy the data back into the $_SESSION array and close it once again.
$old_session = $_SESSION;
session_write_close();
session_start();
$_SESSION = array();
foreach($old_session as $key => $value) {
$_SESSION[$key] = $value;
}
session_write_close();
Needless to say this is a major headache, and it took me an entire day to try and debug this only to come up with this hack of a fix. Any ideas on what could be keeping the session from writing to the disk? I originally thought I might be hitting some sort of session file size limit, but have not found any documentation of something like this existing. For good measure I took a large amount of data out of the session with the same results.
