Re: bbPress Session Variable Names
Without going through the bbpress functions or mimicing the login authentication system (look in pluggable.php) you could never tell if a user is actually logged in, or being spoofed.
However the bbpress/wp cookie will persist and if the cookie path is set to the website root (instead of locked to “/forums/” – you’d have to change the default cookiepath) you could read the cookie and see if the visitor has a bbpress username. But if several people used the same computer there possibly could be several cookies.
In theory you could force sessions to always be on via a plugin for bbpress and watch it that way too. But note that sessions slow down server performance if it’s an active site.
Best bet is to change the cookiepath and decode the cookie with a smaller subset of code.