You may define $sess->auto_init to the name of an include file in your extension of session. Per convention, the name setup.inc is being used.
class My_Session extends Session {
var $classname = "My_Session";
var $magic = "Calvin+Hobbes";
var $mode = "cookie";
var $gc_probability = 5;
var $auto_init = "setup.inc"; // name of auto_init file.
}
Whenever a new session is established, that is, a user without a session id connects to your application, the auto_init file is included and executed exactly once. The file is executed from within the context of the page_open() function, that is, not within a global context. To define or access global variables from the auto_init file, you have to global them.
When auto_init is being executed, all features of your page already exist and are available globally. That is, you can safely rely on the existence of the $sess, $auth, $perm and $user variables, if your application specifies them. Note that you cannot in general know which particular page triggered the execution of auto_init, though. If you have some pages that request authentication and others that don't, you cannot rely on the presence of the $auth object in general, but have to test for it with is_object($auth) before accessing it.
The auto_init file is the appropriate place to initialize and register all your session variables. A sample setup.inc may look like this:
<?php
global $lang; // application language
$lang = "de"; // german by default
$sess->register("lang");
global $cur; // application currency
$cur = "EUR"; // Euro by default
$sess->register("cur");
global $cart;
$cart = new Shop_Cart; // Create a shopping cart object as defined in local.inc
$sess->register("cart"); // register it.
?>
Note: If you don't use a fallback_mode and you get users that turn off cookies, these users will force a new session each time they hit any page of your application. Of course this will force inclusion and execution of setup.inc for each page they visit, too. Nothing can be done about this.