It is certainly possible to share sessions between CakePHP 2.x and 3.x on the same server, without an encryption issue, though this is not using a database handler. See http://discourse.cakephp.org/t/migrating-from-cakephp-2-to-cakephp-3-one-module-at-once/1072
There are quite a few options for configuring the session in the docs, including different handlers, and you can set the session.cookie_domain etc. in core.php / app.php respectively:
https://book.cakephp.org/2.0/en/development/sessions.html#session-configuration
https://book.cakephp.org/3.0/en/development/sessions.html#session-configuration
If your applications are on the same server, you might prefer to set the same cookie path, rather than the same domain, though you seem to have got that working.
If you applications are on different servers, here are some ways of doing it in php:
https://www.digitalocean.com/community/tutorials/how-to-share-php-sessions-on-multiple-memcached-servers-on-ubuntu-14-04
https://stackoverflow.com/questions/16168437/using-of-session-database-on-multiple-apache-servers
This doesn’t specifically answer your question about the database handler, but it may help.