For reasons that were not my own, I'm working with an application running on nginx that places a GET variable into PHP's $_SERVER global.
What happens is:
A user logs in with Facebook connect
Facebook passes back the user's session as a JSON encoded GET variable to a callback PHP script
An nginx rule places the GET variable into $_SERVER before the PHP script runs
The PHP script references the variable placed in $_SERVER and uses it to log the user into the site
Despite the fact that this is a bad solution in general, is writing user specific runtime data to a $_SERVER variable even safe on nginx? Would it create any concurrency issues when multiple users are logging into the site?