Obviously you can't share session files without sharing the classes, which is hardly an option considering a gap between versions.
In general case you would need to use one of single sign on systems - OAuth2, OpenId, etc. e.g. https://github.com/FriendsOfSymfony/FOSOAuthServerBundle
Alternatively you can do it manually, which will require a bit more coding, but can be tailored to your needs and potentially smaller operational costs. In this case your app1 should provide an API to return user info by sessionId, and app2 should implement custom authentication to query this API. The API should not be exposed, and be available only to the app2 container.