Using Sessions in WordPress

Posted by Frank on September 20, 2008

Yesterday, when I was creating a new plugin for my friend Stefan Vervoort, I needed sessions to work. Unfortunately, WordPress doesn’t support them?!

I searched the whole source code of this great piece of blogging software, and not on one single line I found even one session. Also the session_start() function is not called, but I still needed my sessions to work 😕 .

So I started searching Google for a fix of my problem. I found a lot of people asking the same question: “Why do sessions not work in WordPress?” Finally I found a solution to fix this little issue and guess what, it is a simple one.

The Solution

The only thing you have to do is call session_start(); before any output is send to the client. Now you might think: Nice, but what happens when I upgrade my WordPress installation to the latest version? Well, yes, your changes will be lost. That is the reason why we first should think of where to add these changes..

Normally upgrading your installation will replace all files, except one. Yes, it is the wp-config.php file. And even better, there isn’t send any output to a client yet, when this file is loaded.

So, we add the next lines of code to our wp-config.php file:

	<?php
	/**
	* Enable sessions
	*/
	if (!session_id()) {
	session_start();
	}

And sessions are enabled on your blog!
I think the best place to add these lines is at the top of the config file, so immediately after the php starting tag (<?php).

In your theme/plugin

As a lot of people have suggested in the comments, using the wp-config file might not be the best solution.
Add the next piece of code to your functions.php or plugin file to enable sessions:

	<?php
	/**
	* init_sessions()
	*
	* @uses session_id()
	* @uses session_start()
	*/
	function init_sessions()
	{
	if (!session_id()) {
	session_start();
	}
	}
	add_action('init', 'init_sessions');

I hope this will help you out when facing the same problem.

PHP, WordPress
PHP, WordPress

Øystein Soteland

Thanks! This solved my problem for making my own plugin!
DigiFix – din digitale vaktmester – driver datahjelp i Oslo.

Now I can get moving to make exactly what I need!

March 10, 2010 at 11:05 AM | Reply

David Cowgill

Yes, the best way to do this is via the init hook so you and/or your plugin/theme users don’t need to modify wp-config.php. Here’s the function I use in functions.php:

function cp_admin_init() {
if (!session_id())
session_start();
}

add_action(‘init’, ‘cp_admin_init’);

~David
ClassiPress

March 10, 2010 at 1:11 AM | Reply

cars

SIMPLE, NICE, and HELPFUL!

March 9, 2010 at 9:37 PM | Reply

Keith

If anyone is having problems with wordpress unsetting your session, I found this guide very usefull:

http://shadow.y-developments.info/shadow_of__soul/2009/02/manage-sessions-in-wordpress-plugin/

By default, wp unsets the _Session, unless you add it to the array specified in the above link in wp-settings.php.

Hope this helps someone.

February 25, 2010 at 6:05 PM | Reply

Dehost

Ooow… simple solution. Very useful information, thank you.

February 21, 2010 at 2:03 PM | Reply

Pravin

Yes it work’s fine
Thanks a lot

February 17, 2010 at 6:03 AM | Reply

Jason

I am going to take this post and expand on it. I am creating a custom cart solution and this simple will tweak was the only hole to plug! The WordPress and non-WordPress pages are sync’d

February 2, 2010 at 2:07 AM | Reply

Erdem

Thanks for the info… I would like to ask a rather different question about session control. You might have heard that many wordpress users are complaining about the server overheating problem. For example my site eats up to %85 of my servers cpu and therefore it is shut down by the host.

One of my friends suggested that the inability of the session control may be the reason. “Since the sessions are not closed the cpu load never ease down” he says…

Would you agree with this?

January 19, 2010 at 3:31 PM | Reply

maartez

AWESOME!!!

December 8, 2009 at 11:31 PM | Reply

Benjibuls

Great thanks for that.

I did a little testing and the safer place to put it is in your theme’s “functions.php” file. Works perfectly from there and is portable along with a theme.

October 27, 2009 at 9:02 AM | Reply

Andy Potanin

Just put a session_start into your plugin at the init level. Init will affect both admin, and frontend. I use template_redirect for front-end only.

add_action(‘init’, ‘my_plugin_init’);

function my_plugin_init() {
session_start();
}

October 5, 2009 at 2:27 AM | Reply

Krishan

Thanks Frank. This is exactly what I wanted.

September 27, 2009 at 2:16 PM | Reply

Tom Willmot

Rather than editing the wp-config.php file a better solution is to add the following to your themes functions.php file.

if ( !session_id() ) add_action( 'init', 'session_start' );

September 25, 2009 at 10:07 AM | Reply

Filip

Works fine, thanks a lot!

September 2, 2009 at 9:15 AM | Reply

NomikOS

If you do not want modify WP core, you can fires sessions with a properly hook.

	<?php
	add_action('init', 'initSession'));

	function initSession()
	{
	if ( ! session_id())
	session_start();
	}

August 7, 2009 at 5:33 AM | Reply

getcarty

just tried this, but when i put the code into my config file my blog was replaced with a white screen (it went back to normal once i removed the code again)

any idea what this could be?

August 1, 2009 at 5:28 PM | Reply

James M

Nice! It works on my blog when I tested it. Yeah, why do you think WordPress turned their backs on sessions? I really would wanna know. WordPress is almost perfect as it is. We owe this to the minds behind it. Probably the minds behind had very good reasons about staying away from sessions.

July 22, 2009 at 10:18 AM | Reply

Tyler

I was just about to give up on using sessions when I came across this. You just saved me a huge pile of work. THANKS SO MUCH!!!

June 12, 2009 at 4:12 AM | Reply

I think sessions should work using the original wp-config.php solution as long as register_globals is set to OFF in your php.ini file

If register_globals is ON, then WordPress erases the session on each page load (see the function wp_unregister_GLOBALS() in wp-settings.php)

June 12, 2009 at 2:55 AM | Reply

Lutvi Avandi

I cannot use that method in my plugin. Here is my script:
add_action(‘wp_head’, ‘affiliasi’);

function affiliasi() { global $wpdb, $user_ID; echo 'Affiliasi :'.$_SESSION['sponsor']; if ($_GET['reg']) { $address = $_GET['reg']; $aff = $wpdb->get_row("SELECT `user_id` FROM $wpdb->usermeta WHERE `meta_key`='url_affiliasi' AND `meta_value`='$address'"); $id_sponsor = $aff->user_id; $_SESSION = array(); $_SESSION['sponsor'] = $id_sponsor; echo $_SESSION['sponsor']; } }

Is there something wrong here? I’m using WordPress 2.7

May 28, 2009 at 5:28 AM | Reply

Fred

I am trying to get OS Commerce session data available in the WP environment. Unfortunately, I can’t get it working with WP 2.7.1

I tried to put some code in wp-config.php, wp-settings.php, theme>functions.php…

As anyone ever solved this? Thanks in advance, and also to Frank for the good tips anyway! Cheers

May 27, 2009 at 5:38 PM | Reply

David

Thank you! This helped me a lot. 🙂

April 1, 2009 at 2:37 PM | Reply

Pingback: Sessions in Wordpress | ejunKie

February 4, 2009 at 5:12 PM

kasper

It works now :

The file has to be wp_settings.php
I changed :

<?php $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());

To :

<?php $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES);

Any idea if this would give trouble with my wp installation. What can be the reason they disabled sessions ?

December 18, 2008 at 12:31 PM | Reply

kasper

I can’t get the session working in wordpress 2.7 in the above described manner. However sessions work fine in a test.php file in my root.

Any ideas. I’ve found the following line in wp_setup.php. Does it have anything to do with this problem ? And if yes how should I change ?

$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());

Any other ideas ?

December 18, 2008 at 12:18 PM | Reply

sumit

is there anyway to carry the session and login information of my site on the wordpress blog , if there please help me out , thanks in advance

November 13, 2008 at 8:39 AM | Reply

Frank Verhoeven

Hi, I think there is a way you could do this using the wp functions. But I don’t know how your site/blog is related to each other so I can’t tell you for sure.

November 13, 2008 at 6:21 PM

Daan

btw:

session_start() works for me in a plugin and not in wp_config.php

October 27, 2008 at 10:43 PM | Reply

Daan

2.7-almost-beta-9300 here and no problems with session_start() in wp_config.php

October 27, 2008 at 10:33 PM | Reply

Robert O'Rourke

Hi Frank,
Is this still working for you or was there something else you had to do? I’m having no joy at all with the latest version of wordpress

October 25, 2008 at 6:04 PM | Reply

Frank Verhoeven

I checked it here on my local server, but everything still works (using version 2.7-almost-beta-9300). Do you get any errors?

October 27, 2008 at 12:59 AM

Pingback: WordPress Linktip: 25|10|08

October 25, 2008 at 12:01 PM

Hosting Reviews

Great post – both simple and effective. I’m surprised Sessions aren’t enabled by default in WP.

October 16, 2008 at 4:35 PM | Reply

Lee

Honestly, I can’t think of the last time I wrote an app that used a cookie, so I can certianly agree with you. My comment was really food-for-thought…

October 4, 2008 at 7:52 PM | Reply

Lee

While easier, a Session still works much like a cookie. My concern would be that you are now storing more than one source of persistent data (not very clean). I believe that WP was setup a cookie-only to allow for transitions between servers that sessions typically wont. This breaks that ability.

I guess what Im saying is, rather than modifying “core” code, why not create another cookie?

October 4, 2008 at 5:46 AM | Reply

Frank Verhoeven

Well, you might be right there, but what happens when a visitor of your blog has turned cookies off? Your whole system doesn’t work anymore because this visitor’s browser doesn’t store your data.
I always prefer to use sessions if possible.

October 4, 2008 at 2:15 PM

Frank Verhoeven

No problem, I’m glad it helped you!

September 27, 2008 at 7:26 AM | Reply

Kyle

Thank you! Thank you! Thank you! I have been searching for this solution for 2 days now. You rock!

September 27, 2008 at 3:17 AM | Reply