Using Sessions in WordPress
Posted by Frank on September 20, 2008Yesterday, when I was creating a new plugin for my friend Stefan Vervoort, I needed sessions to work. Unfortunately, WordPress doesn’t support them?!
I searched the whole source code of this great piece of blogging software, and not on one single line I found even one session. Also the session_start() function is not called, but I still needed my sessions to work 😕 .
So I started searching Google for a fix of my problem. I found a lot of people asking the same question: “Why do sessions not work in WordPress?” Finally I found a solution to fix this little issue and guess what, it is a simple one.
The Solution
The only thing you have to do is call session_start(); before any output is send to the client. Now you might think: Nice, but what happens when I upgrade my WordPress installation to the latest version? Well, yes, your changes will be lost. That is the reason why we first should think of where to add these changes..
Normally upgrading your installation will replace all files, except one. Yes, it is the wp-config.php file. And even better, there isn’t send any output to a client yet, when this file is loaded.
So, we add the next lines of code to our wp-config.php file:
<?php |
|
/** |
|
* Enable sessions |
|
*/ |
|
if (!session_id()) { |
|
session_start(); |
|
} |
And sessions are enabled on your blog!
I think the best place to add these lines is at the top of the config file, so immediately after the php starting tag (<?php).
In your theme/plugin
As a lot of people have suggested in the comments, using the wp-config file might not be the best solution.
Add the next piece of code to your functions.php or plugin file to enable sessions:
<?php |
|
/** |
|
* init_sessions() |
|
* |
|
* @uses session_id() |
|
* @uses session_start() |
|
*/ |
|
function init_sessions() |
|
{ |
|
if (!session_id()) { |
|
session_start(); |
|
} |
|
} |
|
add_action('init', 'init_sessions'); |
I hope this will help you out when facing the same problem.
Hi Frank, your solution works perfect, but it’s better to add it trough the init action hook, since it’s just not ment to be in the config file.
You can add it as a plugin or just directly in your functions.php.
I’ve read your post first, but this post made me change it to an init action. You might want to update your post.
Regards.
@Kelly, are both your pages on the same subdomain. note that forbear.com and http://www.foobar.com are different subdomains and therefore have different sessions. WordPress usually takes care of redirecting from one to the other, but that is one other possibility.
/peter
Hi Frank,
I found this post and its comments to be very helpful. I’ve done some more research and have posted the results and a link to this blog post in http://devondev.com/2012/02/03/using-the-php-session-in-wordpress/ I cover the aspects of using this in a plugin, destroying the session on logout and login, and problems associated with register_globals.
Thanks for getting me started on a full solution to this.
/peter
Pingback: Using the PHP Session in WordPress - Devondev
I can set my sessions fine and they work on that page but if I go to another page I loose them. I tried removing the reference to sessions in the load.php but that didn’t help. Is there something I am missing? Do I need to make Sessions global somewhere?
Thanks man.You are a star!Had spent hours trying to figure this out.Your solution works well.
In wp-includes/load.php, removed references to $_SESSION where $_GLOBALS[$k] is nulled and unset.
Thank you
I seem to be the only person where your solution does not work. Newbie here so it might well be operator error.
I was using ob_start / if (session_id == ”) start_session in an include file used by all the pages – that didn’t work
Changed the wp-config.php file per your suggestion. that didn’t work — removed by code from the include file and that didn’t work
Running 3.2.1 with the wptdacaiberry theme
Here’s the .htaccess file:
# BEGIN WordPress
RewriteEngine On
# Options +FollowSymLinks
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
I apologize for pestering you with this. Please let me know where I might ask this question.
Thank you
@Mike Thanks, good solution
Does the session not need to be closed afterwards?
If so, how do I do that?
You can place the code snippet in the functions.php of your theme, or create a plugin in wp-content/plugins and your change won’t be lost when upgrading.
Oh man thxxxx…. I am brazilian and i was looking for the solution to the day. Sorry for google translate.
It’s working in local server.. but session has not set in remote server…. how to solve it.
Thanks
Bala
Or use functions.php:
if ( !session_id() )
add_action( ‘init’, ‘session_start’ );
Thanks a lot. It can be so simple.
Just perfect, it makes the job !
Thanks for the sharing 🙂
Nice. Thanks. It seems absolutely ridiculous that WordPress doesn’t have session_start anywhere.
Thank you so much!! I’ve been trying to get wordpress to accept session variables for a while now, but kept running into dead ends since I was trying to start the session within the page or the header :). This worked like a charm!
Pingback: Using sessions in WordPress - CodeBabble
Thanks for this article, it’s really useful. I wanted to warn about one thing:
if(!session_id())
session_start();
This doesn’t make sure that the session id is genuine/was created in the normal way by your site. There are some exploits which rely on this. A rogue client could be posting you a made-up session id, which can be used for various nasty things. It may be that this doesn’t really matter for your use case, as you may just be following an unregistered user through your site or something, just be careful!
W
Simple solution 🙂
thanks
thank you so much. works like a charm! sessions work now in wordpress!
You are my new God.