Sessions for php and third party access

Just looking for some ideas and maybe feedback on what I have at the moment.

A website that has standard access using a generated 'session id' stored as a PHP session. This is alwazs passed as a GET method and checks if the user has been active for the last 10 minutes. Otherwise unset and log out.

Problem I have if a mobile application accesses the same information in a similar manner... is it best to use the session开发者_如何转开发 id's ... as it can become annoying if suddenly your session runs out in a mobile app, esp. if the app has been left open.

So I thought of using a dev key. What is the best way to use a dev key for third party access? Is it to simply override the session key - i.e constant log in? or is it maybe best to use both?

Thanks in advance

I wouldn't suggest using a GET parameter to maintain sessions. It can leave you vulnerable to attacks. If you really want to do it make sure you generate the session IDs randomly. But whenever I want sessions I use PHP's built in session functions

You would manage a distributed session using db. You create the same session data on a table, then, the differents clients can ask to the db if exists a session open. You can try that using different status from the session. In that way, you can use the table to persist the session data, but use the built in php sessions functions, like @Adam Lynch says