While this could theoretically be possible, note that since Database-stored sessions aren't thread locked multiple apps could be writing to the session at the same time. Lots of data is stored in the session data (all the Auth information) so you'll need to be careful to ensure user data is handled uniformly across all apps.
But generally you'll want to create a new Datasource that will contain the shared "sessions" table (ex. named shared_sessions, in app.php:
'Datasources' => [
'shared_sessions' => [
'className' => 'Cake\Database\Connection',
'driver' => 'Cake\Database\Driver\Mysql',
'persistent' => false,
'host' => 'localhost',
'port' => '3306',
'username' => 'sessions_user',
'password' => '*******',
'database' => 'SHARED_SESSIONS',
'timezone' => 'UTC'
],
If you don't already have a SessionsTable, create it and specify the alternative connection information:
class SessionsTable extends Table
{
/**
* @return string
*/
public static function defaultConnectionName()
{
return 'shared_sessions';
}
....
You may still need to handle differences in other Auth data depending on what each app does to set/manipulate it, you may need to do some centralized storage in the shared database, but also store Auth data on an app level, using a Custom Storage Handler.
See:
