Does the WP auth cookie appear in your PHP’s $_COOKIE var? If not, you’ll not be able to validate it. Even if it’s available, validating it is not trivial. You’d need to replicate the wp_validate_auth_cookie() process, which means you’d need the WP salt values, which are out of scope of your PHP. You’d need to replicate the salts within your namespace.
What I suggest is developing an API route/endpoint or an admin-post.php handler that validates the cookie for your PHP on request. Have your PHP make an HTTP request with the cookie value to that endpoint and check the returned message from WP for validation.
With WP doing the validation, you don’t really need to validate the cookie itself. You can have WP send to your PHP the current user’s data directly. However, your HTTP request would need to prove it’s authorized to receive such data, and the WP endpoint needs to validate the request. The WP API’s application passwords can work well for this.
FWIW, WP logins are not managed by formal PHP sessions. $_SESSION is not involved. If you’re actually referring to $_SESSION data, you encounter similar encryption issues as with the auth cookie, so you’d need to get data through a similar process of getting it through WP and not directly from the session cookie.
You might instead consider incorporating your PHP site within the WP context so all is in the same namespace and you could simply call is_user_logged_in(). You then have access to all WP resources. One way to do so is to convert your site’s PHP pages into WP templates and include any supporting code through functions.php of your custom theme or child theme.
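
Added example, not part of the original reply: a sketch of the WordPress-side endpoint the reply suggests, where WP validates a forwarded logged-in cookie with its own salts and returns the user's data only to a caller authenticated with an application password. The route namespace `myapp/v1`, the path `/validate-cookie`, the `cookie` parameter, and the choice of the `list_users` capability for the service account are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: External cookie validator (added example)
 *
 * Hypothetical names: route "myapp/v1/validate-cookie", parameter "cookie".
 */
add_action( 'rest_api_init', function () {
    register_rest_route( 'myapp/v1', '/validate-cookie', array(
        'methods'             => 'POST',

        // The caller authenticates with an application password (HTTP Basic
        // auth), so the "current user" here is the service account making the
        // request, not the visitor whose cookie is being checked.
        // Assumption: the service account holds the list_users capability.
        'permission_callback' => function () {
            return current_user_can( 'list_users' );
        },

        'args'                => array(
            'cookie' => array(
                'required' => true,
                'type'     => 'string',
            ),
        ),

        'callback'            => function ( WP_REST_Request $request ) {
            // WP verifies the cookie's HMAC, expiry and session token using
            // its own salts; returns the user ID or false.
            $user_id = wp_validate_auth_cookie( $request->get_param( 'cookie' ), 'logged_in' );

            if ( ! $user_id ) {
                return new WP_REST_Response( array( 'valid' => false ), 200 );
            }

            $user = get_userdata( $user_id );

            // Return only the fields the external site needs.
            return new WP_REST_Response( array(
                'valid' => true,
                'id'    => $user->ID,
                'login' => $user->user_login,
                'roles' => $user->roles,
            ), 200 );
        },
    ) );
} );
```

The external PHP would POST the value of its logged-in cookie to `/wp-json/myapp/v1/validate-cookie` over HTTPS, with the application password in the Basic auth header, and act only on the JSON it gets back.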