Using the PHP Session in WordPress

Posted on by

WordPress and Sessions

The WordPress platform is totally stateless and provides no support for the use of sessions outside of the cookie that keeps a user logged in.  This is a very good policy and helps keep your blog light and responsive.  Unfortunately there are times that a session might be convenient to hold some data between requests.  If you search online and in the WordPress forums you will find a lot of discussion of this and a few ideas that point in the correct direction.  

The best of these is Frank Verhoeven’s blog Post on this topic which is short and sweet and contains the basic idea.  The comments on this are the real gold.  What I’m providing here is a summary of the facts I’ve found in those comments and much other online study and experimentation.

Getting access to the session if you are not writing a plugin or theme

The simplest way to get access to the session is to add the following lines to wp-config.php before the call to wp-settings:

if (!session_id())
    session_start();

This is what Frank suggested and it works well if you want to get the session for some of your own code and register_globals isn’t set.

What about register_globals?

You’ll hear a lot of talk about the deprecated PHP option register_globals in php.ini and WordPress’s attempts to defeat its use with the wp_unregister_globals function in load.php. WordPress is correct in doing this, so don’t just comment out wp_unregister_globals.

If register_globals is set WordPress will clear all the globals that it are set. Calling session_start will set the $_SESSION global, so if you call it before wp-settiings is run and register_globals is set you will lose your session variables. In most cases this isn’t a problem, but your hosting provider may have turned that option on and you can’t turn it off.

If that’s the case, you can’t put the session_start in wp-config.php. You will need to put it in your code before you need the session. And if you put it elsewhere be sure to remove it from wp-config.php or you will lose your session.

But of course It’s a plugin that needs a session

You can’t put your session_start in wp-config.php if you are intending to distribute your code to others, since you have no access to it and your users might have register_globals set.  In that case you need to hook into an action that takes place after WordPress is loaded but before your code needs the session.  

You can hook into the “init” action, to do that you would add some code like this to your plugin or your theme’s functions.php:

add_action('init', 'myStartSession', 1);
function myStartSession() {
    if(!session_id()) {
        session_start();
    }
}

This code starts the session early in the initialization process, the 1 is the priority to cause this to run before other initialization. The session will be available once this has run.

One last piece in the puzzle

But it’s still missing a crucial piece.  The data stored in the session doesn’t go away when the user logs out or logs into a different account. For that you need to destroy the session.  And of course that requires a couple more hooks.  This results in the following code to start and destroy the session:

add_action('init', 'myStartSession', 1);
add_action('wp_logout', 'myEndSession');
add_action('wp_login', 'myEndSession');

function myStartSession() {
    if(!session_id()) {
        session_start();
    }
}

function myEndSession() {
    session_destroy ();
}

Now the session is yours to use as you wish in your code

To save some data into the session

$_SESSION['myKey'] = "Some data I need later";

And to get that data out at a later time

if(isset($_SESSION['myKey'])) {
    $value = $_SESSION['myKey'];
} else {
    $value = '';
}

I hope this is of help to others who have faced this problem.

Comments

  1. Thanks for the article. I’m trying the code in a plugin I set the session variables and the first page loaded after setting them works fine. But when next page loads after that they seem to be lost again.

    Specifically, I have a custom login plugin where user’s may register on a custom form, on completing the form session vars are set and they are redirected to a thank you page. On all pages I have a header widget injected with a short code. The short code function checks the session and renders a logged in or not logged in version.

    This works on the thank you page immediately after session vars are set, but any pages after that seem to lose the session vars.

    Anyone experienced something like this?

  2. Pingback: Using the PHP Session in WordPress | Web Solutions

  5. I just registered to say thanks for your post. I guess, it saved a lot of time!!! In addition, I couldn´t find wp_unregister_GLOBALS() in wp-settings.php. So the ones, using WP 3.1, can find the function in wp-includes/load.php.

  6. When trying to load a Web site, the following error is occurring:”Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory.”Can you tell me exactly what needs to be done to fix? Not sure how to access php.ini. I can access .htaccess the contents of which are below.

  7. Man, this is driving me crazy.

    I developed some kind of shopping cart for my store in WordPress. It’s very simple and works wonderfully in all browsers, except for Firefox. I made a lot of research and found out that this sessions problem with WordPress was not only with me. Then I tried all the solutions that Google gave me, including the very same code in this post. No success.

    I can be sure that register_globals is set to off in my server, so i just commented the content of the wp_unregister_GLOBALS function out. Still no success.

    The most bizarre part of my drama is that, in my own pc, the shopping cart works like if I never had a problem with it. Every other computer fails in completing any order in Firefox, because the cart is always empty when it’s sent to the payment method.

    I hate the idea of messing with the WordPress code and tried to solve all problems in a clean way, but this is making me go berserk.

    Any idea?

  9. Pingback: wordpress session problems • PHP Help

  10. Pingback: Simple Session Support Plugin Released - Devondev

Leave a Reply

Commenting Policy - Please Read Before Commenting

All comments are moderated so don't bother to spam the comments. Comments that are not related to the post will be deleted. Others may be edited to remove spam. Approved comments may provide a rel="dofollow" link to your website at our discretion. All other links will be rel="nofollow".

Thank you.

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>