Let's assume you can get access to the admin session in the frontend, I don't think there will be any issues. Just make sure that you wrap the code (actions or display) around something like this:
if (getTheAdminSession()->getUser()){//getTheAdminSession() is just a placeholder for the admin session getter
//code or output here
}
If you have this and the admin is not logged in then there should not be any issues (in theory). Those pieces of code will be skipped.
Now the hard part. I'm not sure how it's possible to gain access to the admin session from the back-end since Magento creates 2 different cookies for them. Maybe read the cookie with the name 'adminhtml' and try to initiate the session with that value. But this will become impossible if the admin is on a separate domain. (I know it usually isn't but it may be).
If you do a simple:
Mage::getSingleton('admin/session')
on the frontend, the object created from this code will be appended to the session file of the frontend(I only tested with session in files). The admin session file will not be touched.
Your session file will looke something like this:
core|a:5:{..}admin|a:2:{...}
This is an article from NovusWeb: http://www.novusweb.com/fix-for-passing-magento-session-ids/
Fix for Passing Magento Session IDs
Author: Brett Williams
Posted November 9, 2011
Fixing Magento Session IDs
We often use shared SSL’s when building e-commerce sites. It’s a convenient way of hosting multiple stores without having to purchase separate SSL certificates for each site. Most of our e-commerce clients manage multiple stores within a single Magento or OpenCart installation. Recently, we found a problem with Magento where the customer’s session ID was not being passed successfully between their initial visit to the site and their page views after logging into the store as a registered customer. Magento was not passing the same session IDs, and this meant that a customer who had previously logged in and added items to their cart, would lose the contents of their cart after returning later and logging in. Not a great situation.
In looking at the cookies created during a session, I found that when going from an unsecure domain (i.e., http://) to a secure domain (i.e., https://), the session ID was being passed successfully and a new cookie for the secure domain was created with the same session ID as the unsecure domain. However, when the customer logged in, a new cookie was created for the secure domain with an entirely new session ID. Magento was now using the newer cookie, and whenever the customer clicked to go back into an unsecure domain page (e.g. product detail page), they were no longer logged into Magento as the unsecure domain was using its cookie/session ID, not the new session ID created at login. The solution would be to find where the new session ID was being created and prevent that from occurring.
So, I began digging into the code to see if I could find where Magento was creating the new session.
In app/code/core/Mage/Customer/Model/session.php, I found this at lines 177-189 (Magento CE 1.5.1):
public function login($username, $password)
{
/** @var $customer Mage_Customer_Model_Customer */
$customer = Mage::getModel('customer/customer')
->setWebsiteId(Mage::app()->getStore()->getWebsiteId());
if ($customer->authenticate($username, $password)) {
$this->setCustomerAsLoggedIn($customer);
$this->renewSession();
return true;
}
return false;
}
My solution was to comment out the line: $this->renewSession():, so that Magento would not create a new session when the customer logged in. The changed code looks like this:
public function login($username, $password)
{
/** @var $customer Mage_Customer_Model_Customer */
$customer = Mage::getModel('customer/customer')
->setWebsiteId(Mage::app()->getStore()->getWebsiteId());
if ($customer->authenticate($username, $password)) {
$this->setCustomerAsLoggedIn($customer);
//$this->renewSession();
return true;
}
return false;
}
So far in our testing, everything is working just fine, and the customer’s session is being retained between domains. Now, before you rush to change this core file, do the following:
Backup your databases (you should always do this before making any modifications).
Build the following directory hierarchy: app/code/local/Mage/Customer/Model/.
Put a copy of session.php into this new directory.
Comment out the appropriate line, shown above, and save your file.
By putting your modifications into the app/code/local directory, you’re telling Magento to use these files instead of the core files. More importantly, you’re preventing the loss of your modifications should you update Magento in the future.
It also provides a convenient way to store and manage your code modifications, as you only need to keep modified files in the app/code/local directory.
Be sure to leave a comment if you know of a more elegant solution, or if you find this works or doesn’t work for you.
Best Answer
This is most likely related to a phenomenon regarding filesystem sessions. Despite what you're reporting via using Mecached for sessions I have only ever seen this myself when in fact I was using filesystem.
This has been covered before over here:
https://magento.stackexchange.com/a/3721/336
In fact a screenshot of a cachegrind reveals the exact point at which the session startup is taking an inordinate amount of time is in
Mage_Core_Model_Session_Abstract_Varien::start
as you correctly pointed out:In the referenced thread there was the suggestion that this effect may be lessened with an in-memory session storage - but no concrete data exists that I know of to support the theory. If you're in fact using memcached then it stands to reason that the PHP-level session lock would prevent future requests to the session storage from being granted until the lock is released.
In general this is usually seen only on requests requiring access to session information, so architecting your frontend theme will be beneficial to limit the amount of access needed to avoid potential locks when a user has another tab or another long-running request in progress when deciding to move away.
HTH, Cheers.