Accessing session data outside Joomla

The solution is to set the session for your whole domain and/or site. It applies if you're trying to access the session data outside of joomla scope. For example, if your joomla site is located on http://example.com/joomla/ and your other site on http://othersite.example.com/ then the cookie holding the session id is not transmitted from joomla to the other site. To modify this behaviour, use session_ set_ cookie_ params before every session_start() (I don't know joomla very well, but you should have to add only a few lines of code). Use it this way:

session_set_cookie_params(86400, '/', '.example.com');

86400 is the lifetime of the session, set it to what you prefer (86400 is one day). '/' is the path of the cookie. It means that if your joomla site is located on http://example.com/joomla/ , the session cookie will still be sent if the user accesses http://example.com/ .

'.example.com' is the domain. Note the dot at the beginning, it's very important. It says that the session cookie will be sent on any subdomain of example.com. If you don't put it, the cookie will be sent only for addresses starting with http://example.com/ .

This should solve your problem, unless you are trying to access the session data from another domain. If it's the case, leave a comment here, I'll see if I cand find something.

 define( '_JEXEC', 1 );

 define('JPATH_BASE', 'your joomla basedir goes here' );

 define( 'DS', DIRECTORY_SEPARATOR );
 require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
 require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );

 JDEBUG ? $_PROFILER->mark( 'afterLoad' ) : null;
 $mainframe =& JFactory::getApplication('site');
 $mainframe->initialise();
 JPluginHelper::importPlugin('system');
 JDEBUG ? $_PROFILER->mark('afterInitialise') : null;
 $mainframe->triggerEvent('onAfterInitialise');

 $user =& JFactory::getUser();

    if ($user->guest) {
        echo 'stuff';
            //redirect('/');
    } else {
        echo 'user';
    }

Actually that's not as easy as it sounds. Joomla uses its own session handling with come unique session-id-generation and some encryption in place, so the only way to get into the Joomla session data is to use the appropriate Joomla functions (as others have suggested). I recently had a project where we needed to transfer a Joomla authenticated user into a separate application. We did this by adding a Joomla adapter which instantiates the Joomla user classes, reads the user data, puts everything into an encrypted cookie and redirects back to our application. In there we read the encrypted cookie, instantiate our own user object and discard the cookie. As this is not 100% secure we're changing the system to write the user data in a database table and read it from our application - we avoid the unsecure way through a cookie that way, because even though the cookie is encrypted (and contains sensitive user information which suffice to authenticate a user) it'll be transfered on wire and could be sniffed.

define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(dirname(__FILE__)));
define( 'DS', DIRECTORY_SEPARATOR );

require_once (JPATH_BASE . DS . 'includes' . DS . 'defines.php');
require_once (JPATH_BASE . DS . 'includes' . DS . 'framework.php');

$mainframe = JFactory::getApplication('site');

The above is the basic script required to access Joomla resources.