Let's say I have a v1.11 wiki at www.mydomain.com/wiki/Main_Page, with source and all in /w as seems to be standard. I want to provide users logged in to the wiki with a set of data management forms, say at www.mydomain.com/maint/index.php (and other .php files under / maint). I'd like to use the wiki login for /maint authentication, and grab the username and userid to put in the database for auditing purposes, as well as controlling access to the forms. In other words, once users successfully log into the wiki, their session info is used to control access by other .php scripts under the same domain.
I have very little php session experience, and so am not sure where to start. Do my /maint .php files do a session_start(), and if so, what cookies to I look for to get username and userid? Can I just check for the username and userid cookies directly (and if so, what are they called), or is that open to spoofing? I've looked at my own Firefox cookies and see no PHPSESSID, so there must be some other session id thingy somewhere.
I must be overlooking the obvious. Any help appreciated.