I wrote a few lines to extend session.inc which allows me to carry a session from www.somedomain.com to my.somedomain.com.  I was wondering if I might have introduced any security concerns by doing so.

FYI here is the code that I put in local.inc:

class Example_Session extends Session {
  var $classname = "Example_Session";

  var $cookiename     = "";                ## defaults to classname
  var $magic          = "Hocuspocus";      ## ID seed
  var $mode           = "cookie";          ## We propagate session IDs with cookies
  var $fallback_mode  = "get";
  var $lifetime       = 0;                 ## 0 = do session cookies, else minutes
  var $that_class     = "Example_CT_Sql"; ## name of data storage container
  var $gc_probability = 5; 
}

class Global_Session extends Example_Session {

  function get_id($id = "") {
    global $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS, $QUERY_STRING;
    $newid=true;
   
    // either new 'reassign' mode or 'cookie' mode (use session id in URL to change domains)
    $this->mode = isset($HTTP_GET_VARS[$this->name]) ? "reassign" : "cookie"; 
   
    $this->name = $this->cookiename==""?$this->classname:$this->cookiename;
   
    if ( "" == $id ) {
      $newid=false;
      switch ($this->mode) {
        case "reassign":      // fall through to "get" (obtain id via "get" method)
        case "get":
          if ("" == ($id = isset($HTTP_GET_VARS[$this->name]) ? $HTTP_GET_VARS[$this->name] : ""))
            $id = isset($HTTP_POST_VARS[$this->name]) ? $HTTP_POST_VARS[$this->name] : "";
        break;
        case "cookie":
          $id = isset($HTTP_COOKIE_VARS[$this->name]) ? $HTTP_COOKIE_VARS[$this->name] : "";
        break;
        default:
          die("This has not been coded yet.");
        break;
      }
    }
   
    if ( "" == $id ) {
      $newid=true;
      $id = $this->that->ac_newid(md5(uniqid($this->magic)), $this->name);
    }
   
    switch ($this->mode) {
      case "reassign":      $newid=true;
                      $this->mode = "cookie";  // leave things the way I found it...
                      // fall through to "cookie" (reassign always assumes cookie mode)
      case "cookie":
        if ( $newid && ( 0 == $this->lifetime ) ) {
          SetCookie($this->name, $id, 0, "/", $this->cookie_domain);
        }
        if ( 0 < $this->lifetime ) {
          SetCookie($this->name, $id, time()+$this->lifetime*60, "/", $this->cookie_domain);
        }
      break;
      case "get":
        if ( isset($QUERY_STRING) ) {
          $QUERY_STRING = ereg_replace(
            "(^|&)".quotemeta(urlencode($this->name))."=".$id."(&|$)",
            "\\1", $QUERY_STRING);
        }
      break;
      default:
        ;
      break;
    }

    $this->id = $id;
  }
}