There's no official documentation on this so you would will have to do some digging.
We recommend using federated login through something like Laravel Passport to share login between 2 apps, that way one doesn't depend on the other to work, and breaking changes on one side won't affect the other.
If you want to read the Flarum session, keep in mind this is not officially part of the public API so this could change in a future 1.x version.
The remember me cookie will map with the Access Token in the access_tokens
table with type session_remember
, which then maps to the user through the user_id
foreign key. But this cookie only exists if the user selects "remember me" during login, otherwise it won't exist.
The flarum_session
cookie maps to the Symfony session ID, which by default uses the filesystem driver based on PHP's $_SESSION
system. In the Symfony session object there's a key access_token
which contains the token which matches with the access_tokens
table and again to the user.
Access tokens have an expiration date in the database which should be checked before accepting the token. The tokens are periodically deleted by the garbage collector but on low activity forums this might not happen immediately so the date check is important.