WordPress and Sessions
The WordPress platform is totally stateless and provides no support for the use of sessions outside of the cookie that keeps a user logged in. This is a very good policy and helps keep your blog light and responsive. Unfortunately there are times that a session might be convenient to hold some data between requests. If you search online and in the WordPress forums you will find a lot of discussion of this and a few ideas that point in the correct direction.
The best of these is Frank Verhoeven’s blog Post (now archived) on this topic which is short and sweet and contains the basic idea. The comments on this are the real gold. What I’m providing here is a summary of the facts I’ve found in those comments and much other online study and experimentation.
Getting access to the session if you are not writing a plugin or theme
The simplest way to get access to the session is to add the following lines to wp-config.php before the call to wp-settings:
if (!session_id()) session_start();
This is what Frank suggested and it works well if you want to get the session for some of your own code and register_globals isn’t set.
What about register_globals?
You’ll hear a lot of talk about the deprecated PHP option register_globals in php.ini and WordPress’s attempts to defeat its use with the wp_unregister_globals function in load.php. WordPress is correct in doing this, so don’t just comment out wp_unregister_globals.
If register_globals is set WordPress will clear all the globals that it are set. Calling session_start will set the $_SESSION global, so if you call it before wp-settiings is run and register_globals is set you will lose your session variables. In most cases this isn’t a problem, but your hosting provider may have turned that option on and you can’t turn it off.
If that’s the case, you can’t put the session_start in wp-config.php. You will need to put it in your code before you need the session. And if you put it elsewhere be sure to remove it from wp-config.php or you will lose your session.
But of course It’s a plugin that needs a session
You can’t put your session_start in wp-config.php if you are intending to distribute your code to others, since you have no access to it and your users might have register_globals set. In that case you need to hook into an action that takes place after WordPress is loaded but before your code needs the session.
You can hook into the “init” action, to do that you would add some code like this to your plugin or your theme’s functions.php:
add_action('init', 'myStartSession', 1); function myStartSession() { if(!session_id()) { session_start(); } }
This code starts the session early in the initialization process, the 1 is the priority to cause this to run before other initialization. The session will be available once this has run.
One last piece in the puzzle
But it’s still missing a crucial piece. The data stored in the session doesn’t go away when the user logs out or logs into a different account. For that you need to destroy the session. And of course that requires a couple more hooks. This results in the following code to start and destroy the session:
add_action('init', 'myStartSession', 1); add_action('wp_logout', 'myEndSession'); add_action('wp_login', 'myEndSession'); function myStartSession() { if(!session_id()) { session_start(); } } function myEndSession() { session_destroy (); }
Now the session is yours to use as you wish in your code
To save some data into the session
$_SESSION['myKey'] = "Some data I need later";
And to get that data out at a later time
if(isset($_SESSION['myKey'])) { $value = $_SESSION['myKey']; } else { $value = ''; }
I hope this is of help to others who have faced this problem.
pkw
Latest posts by pkw (see all)
- Enabling HTTPS in WordPress - May 26, 2017
- WordPress Maintenance for Beginners - March 28, 2017
- Five Top Mistakes of DIY Websites - February 11, 2017
I dont know why no body commented on this but
youre plug in is very helpful and useful
it saved my life
God Speed!
Man, this is driving me crazy.
I developed some kind of shopping cart for my store in WordPress. It’s very simple and works wonderfully in all browsers, except for Firefox. I made a lot of research and found out that this sessions problem with WordPress was not only with me. Then I tried all the solutions that Google gave me, including the very same code in this post. No success.
I can be sure that register_globals is set to off in my server, so i just commented the content of the wp_unregister_GLOBALS function out. Still no success.
The most bizarre part of my drama is that, in my own pc, the shopping cart works like if I never had a problem with it. Every other computer fails in completing any order in Firefox, because the cart is always empty when it’s sent to the payment method.
I hate the idea of messing with the WordPress code and tried to solve all problems in a clean way, but this is making me go berserk.
Any idea?
When trying to load a Web site, the following error is occurring:”Server Requirement Error: register_globals is disabled in your PHP configuration. This can be enabled in your php.ini configuration file or in the .htaccess file in your catalog directory.”Can you tell me exactly what needs to be done to fix? Not sure how to access php.ini. I can access .htaccess the contents of which are below.
It’s server side setting if you don’t own VPS you can do nothing on share hosting etc..
I just registered to say thanks for your post. I guess, it saved a lot of time!!! In addition, I couldn´t find wp_unregister_GLOBALS() in wp-settings.php. So the ones, using WP 3.1, can find the function in wp-includes/load.php.
thanks for the code. its working well…
This is fantastic information and should be in the codex, as far as I’m concerned.
My plugin performs an OAuth and needs SESSSIONS! This worked right out of the box.
Thanks for the article. I’m trying the code in a plugin I set the session variables and the first page loaded after setting them works fine. But when next page loads after that they seem to be lost again.
Specifically, I have a custom login plugin where user’s may register on a custom form, on completing the form session vars are set and they are redirected to a thank you page. On all pages I have a header widget injected with a short code. The short code function checks the session and renders a logged in or not logged in version.
This works on the thank you page immediately after session vars are set, but any pages after that seem to lose the session vars.
Anyone experienced something like this?
Thanks! You helped me over come a serious brain fart!
Thanks.. ! It’s useful to me… 🙂
Hello Peter,
I’m pretty new to WordPress but have a bit of experience with PHP, but by no means an expert. I have built my own CMS system and have used SESSION a bit with them and am trying to get $_SESSION to work in order to detect a stream a user has come from within the site, but not having any luck. Here is what I am trying to do:
I have 3 pages public, media, profession. Each page states an appropriate $_SESSION as being either
$_SESSION[‘siteStream’] = ‘public’;
$_SESSION[‘siteStream’] = ‘profession’; or
$_SESSION[‘siteStream’] = ‘media’;
On a fourth page I have the following:
session_start();
//define variable for detecting which stream user is in
if(isset($_SESSION[‘siteStream’]) ) {
$siteStream = $_SESSION[‘siteStream’];
}
And in the body of fourth page to detect which stream the user has come from
But for some reason it is always giving me ‘profession’ as the output. Can anybody advise as to what I could be doing wrong? I have tried all of what you’ve mentioned above but I think it’s all relative to a user being logged in?
Being logged in shouldn’t matter. The session will exist from the time you first start it.
I’m assuming a “stream” is a set of pages that relate to a particular kind of use. Check the code in each of the streams to see what is different about the “profession” stream. Try displaying the value of the $_SESSION array in each of the streams at the start of each request.
Yes, a stream is a set of pages, as you say. There is nothing different on the code, on each of the stream pages, in the header, I have the following with the appropriate stream variable,
$siteStream = ‘publicOrMediaOrProfession’;
$_SESSION[‘siteStream’] = $siteStream;
and do a test on the page of and it outputs the correct variable. But on the fourth page where I want this stream variable known, SESSION is not getting passed to it.
I’ve also just installed your plugin Simple Session Support but this doesn’t seem to help either.
I think the part that I’m not getting how to make work is, how to get the SESSION variables global, as they’re not getting passed to the next page.
The session_start() call is what makes the $_SESSION array global, you should also check that register_globals is not being used as this will wipe out your session. The session_start must be done in the wp_init hook, this will cause it to run before your code. The Simple Session Support plugin does this.
Try adding this code to your theme’s functions.php, it should display “session testing=n” where n is the number of times it’s been called.
function sessionTest() {
if(!session_id())session_start();
if (!isset($_SESSION[‘testing’]))$_SESSION[‘testing’] = 0;
else $_SESSION[‘testing’] = 1+$_SESSION[‘testing’];
echo ‘session testing=’.$_SESSION[‘testing’].’
‘;
}
add_action(‘init’, ‘sessionTest’, 1);
If it doesn’t display an increasing number then there is something wrong with session support on your system. Have you checked phpinfo to see if sessions are enabled? You can create a .php file containing:
phpinfo();
to display phpinfo, give it a non-obvious name and be sure to delete it after use as it’s a serious security breach.
Thank you for your assistance Peter. I’m not able to access the php.ini file as it’s controlled by the host provider on a shared server, but a phpinfo page gave me this:
register_globals Off Off
Session Support enabled
session.auto_start Off Off
session.use_cookies On On
session.use_only_cookies Off Off
You can see the full readout here
http://thewebsitedeveloper.co.nz/tempProject/sessionDetails.jpg
So it’s telling me register_globals is off so that shouldn’t be causing a problem? Is the session.auto_start being Off causing a problem?
I did try adding the function sessionTest but it resulted in turning the site into blank pages, no error message.
The session config looks fine, and having register_globals off is good.
When you get a WSOD (White Screen of Death) out of WordPress there is usually a syntax error in your code. That code works fine on my site, so I suspect something got lost in transfer. Sometimes empty lines after ?> will cause that, for that reason I never close the last php block. You might find some hint about the problem by looking in the log files.
Do you have a local development system? If not you should set one up, either on a Linux machine or on your workstation using WAMP if you use Windows or by installing MySQL on a Mac, it already has PHP and Apache installed. On a local test system you will be able to easily sort all this out.
Yes, I had the last php block closed, removing it has stopped the WSOD.
Yes, I’ll try things on a local Xammp system, will let you know how I get on.
Well the good news is that everything works perfectly on my local xammp build (even without your plugin). I guess the hard part now is to find out why it doesn’t work on a hosts server.
Thanks for your help.
The main difference I’ve spotted is that my local build has
session.save_path \xampplite\tmp \xampplite\tmp
The live host has
session.save_path no value no value
Does this mean that session is not actually being saved so is not available once the page setting session is left?
My site is built based on WordPress, but I don’t want to use the WordPress built-in membership system, I’m trying to make a simple one, do you have any suggestion? ps. I am not php expert, this worrys me.
I’m not an expert of membership plugins, there are several favourites out there. One of the most popular is s2member. Your choice also depends on what your requirement is and what budget you have,
Great! Simple and works! Solved me a problem with an other author’s plugin that I try to fix!!
Thank you for this. Was having some issues, but your code and explination were very clear and I solved the problem in seconds.
Amazing! I was looking for something like this. Thank you.
Thanks ;D
Wow 🙂
Thank you so much, you have saved me so much time and severely improved my website security
I understood the wp_login and wp_logout hook part but what about if someone simply closes the website without even logging out properly. In such cases, how do I destroy users session data? Thanks.
No, this is http, when someone leaves your site there is no way for you to know. The session will be destroyed when they close their browser.
Aha IC, Thank you very much.
Great info, you really saved my time. Thanks a lot.
Good evening Peter. I first wanted to thank you for providing this blog. You have been able to make sense for me where the WP tutorials have only muddied the water. My question involves using this method to maintain a value for telling us if a user has toggled audio on or off across all page loads.
As we are not distributing the theme we placed the ‘start_session();’ function in the wp-config,php file as suggested. We next placed the session variable ‘toggle-audio’ and value ($_SESSION[‘toggle-audio’] = ‘on’; in the functions.php file associated with our theme. Next we created a javascript file that sends an ajax call to a stand-alone PHP function when the user clicks on a ‘sound’ icon on each page. The javascript and php file are ‘required_once’ in the functions.php.
All the javascript ajax call does is invoke the PHP function to toggle the session variable. If it is on it is set to ‘off’; if it is off it is set to ‘on’. I then echo that new session value back to the ajax call so that I can change the ‘sound’ icon on the page and either pause or stop the tag. We need to maintain the user’s choice so when the next page loads, we are able to build the tag correctly to autoplay (or not) and to add the correct ‘sound’ icon.
All seems to work well except for one problem. The function works the first time, changing it from on to off, but will not turn back on. The PHP function always echos back ‘off’. And it appears that the session variable is reset on each page load, because ‘on’ is always echoed back on the page load. So, I thought that I would ask an expert like yourself for any quick thoughts or obvious gaps in logic that you might glean from this note.
I appreciate any help or insight.
Hi again, Peter. Please disregard my last note. After taking a fresh look at my code, I found that I wasn’t enclosing the session variable in single quotes. So once I corrected $_SESSION[toggle-audio] to $_SESSION[‘toggle-audio’] the function worked as expected. Thank you once again for your blog.
Thanks. Very this the great way for saving my session data. Two thumbs up
installed the plugin “Simple Session Support” and solved this problem.
Criação de Sites Otimizados
This page helps so much!
WordPress is retarded when it comes to SESSIONS and other seemingly-simple stuff. But this helped, and I didn’t have to resort to a convoluted cookie-based workaround.
i can’t acces session varioable inyo different page after initilization pls. help
Thanks for this, Peter!
Thank you for your assistance, I was confused to edit php code for my wordpress template but you definitely made it easy. Keep posting!
my session is not working in live server but its working in localhost.
i am combing codeigniter and wordpress
Thank you for your sharing 🙂
I have tried placing this code everywhere within my site. I’ve tried putting in in my functions.php, wp-config.php and each time the session is not working.
I’ve tried installing the simple_sessions plugin as well and can’t seem to get it to work either.
I do know my server is supporting php sessions because I use them in my old website without problem (http://www.mdcee.org)
Not sure what is going on with the WordPress site, but cant get it to work at all
Finally got this to work.
Many plugins are using sessions and if they do session_start () without properly checking if it was already started then your sessions will be wiped out.
Search all files of your site for session_start() it’s okay to have multiple but they MUST protect against starting a session twice.
As a (semi-retired) software engineer I have worked on many mission critical device drivers (Windows CE/mobile, etc.) I always verify operation of my code front to back. In light of that I desired to verify that a session actually started. I found for my site (Genesis & Executive Pro) that it did not work to put the start_session() in wp-config so I moved it to a php file in my theme that I created. I would advise everyone to test to make sure your session starts. I have included my code for this. Put it in a location in your php code where you session should be running and it will echo the session status. Once verified you can pull the code.
switch ( session_status() ) {
case PHP_SESSION_DISABLED :
echo “PHP_SESSION_DISABLED”;
break;
case PHP_SESSION_NONE:
echo “PHP_SESSION_NONE”;
break;
case PHP_SESSION_ACTIVE:
echo “PHP_SESSION_ACTIVE”;
break;
}
I am having a problem with my session not persisting. I have a ‘sandbox’ web site that I can hack to my heart’s content. What I see is as follows.
I have and page that has two buttons. One to start a session and one to verify it exists. Results are returned and displayed in a under the buttons. When a button is pushed it activates a script that does an AJAX call to a .php file. In the .php file I session_start() and get /return the session_status() OR I just get /return the session_status() depending on which button is pushed. When I push the start session button I get a PHP_SESSION_ACTIVE response. When I push the verify button I get a PHP_SESSION_NONE response. I have done three day’s worth of hacking and that is the best I have been able to do. I am using PHP v5.4.38 so register_globals is gone. I have tried starting the session in a number of places, functions.php, wp-settings, wp-config, etc. with no luck. Any help?? Code is below.
Session Status
$(document).ready(function(){ //wait for ready
$(‘.button’).click(function(){ // on button click
var response;
var clickBtnValue = $(this).val(); // get button info
var ajaxurl = ‘/wp-content/themes/executive-pro/ajax-test.php’, // php file location
data = {‘action’: clickBtnValue}; // what the button did
$.post(ajaxurl, data, function (response) { // send this to the server and get response
$(“.session_status”).text( response ); // insert response onto page
});
return false; // don’t refresh
});
});
Sorry, the code doesn’t seem to want to go into my comment. I can email it if you would like.
I’ll try this without the php tags
if (isset($_POST[‘action’])) {
switch ($_POST[‘action’]) {
case ‘verify’:
check_for_session();
break;
case ‘start’:
start_a_session();
break;
}
}
function start_a_session() {
if (!session_id()) { session_start(); }
switch ( session_status() ) {
case PHP_SESSION_DISABLED :
echo “PHP_SESSION_DISABLED “;
break;
case PHP_SESSION_NONE:
echo “PHP_SESSION_NONE “;
break;
case PHP_SESSION_ACTIVE:
echo “PHP_SESSION_ACTIVE “;
break;
}
}
function check_for_session() {
switch ( session_status() ) {
case PHP_SESSION_DISABLED :
echo “PHP_SESSION_DISABLED “;
break;
case PHP_SESSION_NONE:
echo “PHP_SESSION_NONE “;
break;
case PHP_SESSION_ACTIVE:
echo “PHP_SESSION_ACTIVE “;
break;
}
}
That looks like it should work. Is is possible that something else in your system is clearing cookies? You can try tracing the cookie values as that’s where the session id is stored.
Peter,
Found something (drum-roll):
In my function check_for_session() if I put in a session_start() then data I load in my function start_a_session() has persisted and shows up in a $_SESSION[…] . I have tested this by running two browsers at once and they each have different sessions. See the new test code below. This is puzzling as I thought that session_start() did just that. Instead it seems to just activate the current session or start one if one does not exist.
function start_a_session() {
if (!session_id()) { session_start(); }
switch ( session_status() ) {
case PHP_SESSION_DISABLED :
echo “PHP_SESSION_DISABLED “;
break;
case PHP_SESSION_NONE:
echo “PHP_SESSION_NONE “;
break;
case PHP_SESSION_ACTIVE:
echo “PHP_SESSION_ACTIVE “;
$_SESSION[‘myKey’] = “Some data I need later”;
$_SESSION[‘favorite_color’] = “green”;
break;
}
if(isset($_SESSION[‘myKey’])) {
$value = $_SESSION[‘myKey’];
}
else {
$value = ‘no data’;
}
echo $value;
}
function check_for_session() {
session_start();
switch ( session_status() ) {
case PHP_SESSION_DISABLED :
echo “PHP_SESSION_DISABLED “;
break;
case PHP_SESSION_NONE:
echo “PHP_SESSION_NONE “;
break;
case PHP_SESSION_ACTIVE:
echo “PHP_SESSION_ACTIVE “;
break;
}
if(isset($_SESSION[‘myKey’])) {
$value = $_SESSION[‘myKey’];
}
else {
$value = ‘no data’;
}
echo $value;
if(isset($_SESSION[‘favorite_color’])) {
$value = $_SESSION[‘favorite_color’];
}
else {
$value = ‘no data’;
}
echo $value;
}
Yes, the PHP manual specifies that it behaves as your test demonstrates. http://php.net/manual/en/function.session-start.php says:
session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.
Peter,
Bloody-hell, I was on that page a couple of times. I guess if I had taken the time to actually read it rather than quick scan I would have saved myself some trouble. That of course begs the question why do a
if (!session_id()) before doing the session_start() since you are wanting to either start or resume a session anyway. On to the next……
Thanks for your help in this, James
Thank you, thank you, thank you! I was really, really close and had strange session behaviors (did not save data but did save data if you loaded the page and then refreshed the page). WordPress had already sent headers so it couldn’t create a session but somehow did it on a refresh – strange. Anyway, your insight into hooking into the init method was just what I needed.
Thank you so much for sharing this information in an easy to follow post 🙂
We have a number of PHP web apps use that use sessions variables to know who you are and when you are logged in. I would like to use WP as a front end to the system. I seams simple enough When you login into WordPress set the session variables and transfer to the PHP apps page. But I can’t set the session variables. I can see the cookie being set, and I can set the cookie and session variables with a simple PHP page. But when I try to set them from within WP the variables are simply not there. Here is a stripped down version of my code:
<?php
/*
* Plugin Name: PGC_PDP_setcookie
* Plugin URI: http://www.quovadimus.net
* Descripton: This plugin bridges between WordPress and PGC PDP
* Author: Dave Johnson
* Version: 0.1
* Author URI: saywhat
*License: GPLv2 or later
Copyright (C) 2015 – Quovadimus
*/
add_action('init', 'PGCstartSession', 1);
// add_action('wp_login', 'PGCpdpSetSession', 1, 2);
add_action('wp_logout', 'PGCpdpLogout');
function PGCpdpLogout(){
if (isset($_SESSION)) {
session_destroy();
}
}
Function PGCstartSession(){ if (!session_id()) {
$exp_time = 3600;
session_set_cookie_params ( $exp_time ,'/', '.pgcsoaring.org');
session_start();
}
$_SESSION['var1'] = 'Varable1';
}
// function PGCpdpSetSession($user_login, $user)
function PGCpdpSetSession() {
/*
This is where I would set the session varables if it worked.
*/
}
This is driving me nuts!
Thanks for any help
Thanks for this helpful information. I am very confused in WordPress session starting for all pages but you solved my problem.
Thanks again.
session still not working.
Another cause of sessions not working is caching plugins and Content Distribution Networks. These deliver the page to the user without running the PHP. If your page relies on the session or cookies it must not be cached. On some systems like WP Engine this requires a ticket filed with their support to remove a page from cache. You can sometimes get your desired behaviour using JavaScript instead of PHP.
here is a simple way to start and store a unique-id of the user.
——————————————–
session_start();
if(! isset($_SESSION[‘uniqueID’])){
$_SESSION[‘uniqueID’] = uniqid();
}
——————————————–
here is more productive way:
– session cookie is secure (can not be modified by JavaScript)
– custom session name – instead of “PHPSESSION”
– only start a session if non-already exists.
– one liner
——————————————–
/* SESSION / COOKIE */ if (”===session_id()){@ini_set(“session.cookie_httponly”,1);session_name(“my_session”);session_start();}
——————————————–
you may combine both tricks to have your secure, custom name session, and tracking id of the user
I tried the code. Unfortunatelly the session_destroy in the function called on logout doesn’t work.
The function is called, that is not a problem, but it can not delete the session.
I presume it makes an output of something before, so that it can not update (in this case destroy) the session.
I think i’m doing something wrong here. I’m just beginning with the website and PHP so I could really use some help.
I have used the session_start(); in form-login.php, after that I used this code to give the variable a value:
<input type="text" class="woocommerce-Input woocommerce-Input–text input-text" name="username" id="username" value="” />
<?php
$Username = $_POST["username"];
simpleSessionSet('Inlog',$Username);
echo simpleSessionGet('Inlog');
When I fail to login the echo gives me the entered value, so my variable works. However when I succesfully login and my page is my-account.php and I use the echo simpleSessionGet('Inlog'); it doesn't display anything. I also started my-account.php with an session_start();.
Also I looked at my php settings like you said in previous comments and Session Support is enabled…
What can I do to solve this?
Hi Peter,
I have been fighting to get this working all week. Please help.
I have a file called authenticate.php which is called in a form in wordpress this has the test lines of code as follows …
Then I try to pick up myKey in another test wordPress page (using template called testing so I can use PHP in the page) as follows…
The output is
Session is NOT set:
Which means it hasn’t worked.
Please help meeeeeee.
Many thanks in advance.
Jav
Code didn’t show in my message!
Here it is again ..
session_start();
$_SESSION[‘myKey’] = “Some data I need later”;
Then ..
/*
Template Name: testing
*/
<?php
session_start();
if(isset($_SESSION['myKey'])) {
$value = $_SESSION['myKey'];
print "Session is set: ".$value;
} else {
$value = '';
print "Session is NOT set: ".$value;
}
@Jav are you using a caching plugin or service, CDN, or a managed WordPress service like WP Engine. These all serve pages without running the PHP again after the first time they run. This causes the session and cookies to fail. If not that, ensure that your server is set up properly.
It is nearly impossible to debug this stuff without access to the host. You may find the PHP error_log function useful if you have access to the log files.
Hi Peter,
Thank you for the quick reply , much appreciated. I am not using any caching plugins. I am using hosted WordPress installation on “one.com”. My old site with the same service provider users PHP sessions without any issues. I only hit this problem while trying to port my old site into WordPress.
I used your contact form to send you a message earlier about this.
Thanks again,
Jav.
So if I use ElastiCache or CloudFront CDN to host the PHP files on Amazon the sessions will be invalidated. Is that correct?
THIS SAVED ME FROM GOING INSANE!!!!!
add_action(‘init’, ‘myStartSession’, 1);
function myStartSession() {
if(!session_id()) {
session_start();
}
}
My site kept clearing my session. This little code in the functions.php worked like a charm. It took me hours to find this.
Thank you so much.
Thanks i was looking for this code from long time
Peter, I’m a real estate broker using WordPress for my MLS (multiple listing site). The data feed is all the local real estate listings. When someone uses my MLS site and requests information, I get that lead directed to my CRM. My cell gets an alert. Works great. Next step . . . I have another agent working for me. I set up another domain that forwards to my same MLS site only it has his unique ID so theoretically leads will go to him, not me. But it doesn’t work for listings that are not his own since the session is page based, not time based. In other words, the home page can show his unique ID, but as soon as someone opens up a listing, the site reverts back to me and any inquiries are directed to me, not my other agent as intended. No one seems to know the solution. Can you direct me?
Sessions are either time based or stay around as long as long as the browser is open. If the session appears to be only staying for a particular page it is likely that there is code that is resetting the session by creating a new one without checking if a session already exists.
Another possibility is that the page is cached, sessions require that the page get regenerated by PHP, try turning your caching system off and if it works, that’s the problem.
good evening dear Peter,
i have got some issues with a server where a wordpress – installation runs.
if i have a closer look at the error-logs i see a lot of :
server logs: PHP Warning: session_start(): Cannot find save handler ‘mm’
any idea what i can do here note : i am on PHP version 5xy
Well i run this on a root server which is adminstrated by a friend of mine.
question: What would you do here – in this situation? What should i tell him now. BTW: does the thread here on stackoverflow fit the issues i have: https://stackoverflow.com/questions/3740791/php-configuration-to-enable-sessions
there some guys explain mm as a configurations-option:
Well – i would be more than happy to shed a light on this issue. I need to debug the system and need to have a closer look at the behaviour of some plugins… : see here this thread: https://wordpress.org/support/topic/e-mail-notification-mails-to-admin-and-subscriber-do-not-work/
or more details:
see some data out of the php-configuration – not sure if they help here;
Session Support enabled
Registered save handlers files user
Registered serializer handlers php_serialize php php_binary
Directive Local Value Master Value
session.auto_start Off Off
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 3600 3600
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file /dev/urandom /dev/urandom
session.entropy_length 32 32
session.gc_divisor 1000 1000
session.gc_maxlifetime 3600 3600
session.gc_probability 1 1
session.hash_bits_per_character 5 5
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler mm mm
session.save_path no value no value
session.serialize_handler php php
session.upload_progress.cleanup On On
session.upload_progress.enabled On On
session.upload_progress.freq 1% 1%
session.upload_progress.min_freq 1 1
session.upload_progress.name PHP_SESSION_UPLOAD_PROGRESS PHP_SESSION_UPLOAD_PROGRESS
session.upload_progress.prefix upload_progress_ upload_progress_
session.use_cookies On On
session.use_only_cookies On On
session.use_strict_mode Off Off
session.use_trans_sid 0 0
Are you sure that’s the correct configuration? If it’s looking for the memory handler ‘mm’, that would be in the config. Try using phpinfo() to display what the online site is using. There are a lot of ways to confuse the php.info address.
Dear Peter many thanks for the quick reply, Great to hear from you.
this is exacly what i have gathered form the php-info. I guess that the site is a bit of misconfigured.
note: the site runs – but i cannot do some wp_(debug) with a concrete error-log:
see this for more infos: https://wordpress.org/support/topic/e-mail-notification-mails-to-admin-and-subscriber-do-not-work/
after some investigation i have found out that this configuration does not fit –
some say: WordPress has it own session system and don’t use the PHP one then you have a problem of PHP configuration. This error means that your session can not be saved by your session save handler. As you see you are using mm session save handler which stands for Shared Memory.
From php.net: To use shared memory allocation (mm) for session storage configure PHP –with-mm[=DIR] .
You probably need to install php Shared Memory extension to use this kind of session handler: http://php.net/manual/en/book.shmop.php
Default php session handler is file handler which store your session in files on file system. This handler do not need any additional extension.
Dear Peter, well i guess that the configuration needs some overhaul and rework What do you suggest?
Look forward to hear from you.
greetings martin
I’m not an expert on PHP configuration. You need to consult with your hosting company’s Linux support. WordPress itself doesn’t use the session, it uses cookies, but if you use session_start or the $_SESSION variable you are using PHP sessions. There are plugins that change this behaviour, to make the sessions work over multiple servers by storing the session data in the database.
hello dear Peter
many many thanks for the reply. This site is great. I have learned alot.
You deserve great honour for your page!!
keep it up
greetings
Find what I am searching. Very effective article. I have to create a page where all data will be fetched via ajax. This makes my work more simple.
hello – i have some issues on a page
i get back the following error: err_empty_response.
see the logfiles:
Dec 31 17:22:47.392649 2017] [core:notice] [pid 3308] AH00052: child pid 9451 exit signal Segmentation fault (11)
[Sun Dec 31 17:23:36.458836 2017] [core:notice] [pid 3308] AH00052: child pid 9454 exit signal Segmentation fault (11)
[Sun Dec 31 17:23:42.467815 2017] [core:notice] [pid 3308] AH00052: child pid 9567 exit signal Segmentation fault (11)
[Sun Dec 31 17:23:49.477932 2017] [core:notice] [pid 3308] AH00052: child pid 9613 exit signal Segmentation fault (11)
[Sun Dec 31 17:31:03.820937 2017] [log_config:warn] [pid 9614] (27)File too large: [client 66.249.66.11:62691] AH00646: Error writing to logs/access_log
[Sun Dec 31 17:34:05.308227 2017] [log_config:warn] [pid 9615] (27)File too large: [client 216.244.66.203:39018] AH00646: Error writing to logs/access_log
[Sun Dec 31 17:41:07.543118 2017] [core:notice] [pid 3308] AH00052: child pid 9616 exit signal Segmentation fault (11)
[Sun Dec 31 17:41:15.855062 2017] [log_config:warn] [pid 9615] (27)File too large: [client 66.249.66.132:58673] AH00646: Error writing to logs/access_log
[Sun Dec 31 17:53:33.582060 2017] [log_config:warn] [pid 9684] (27)File too large: [client 163.172.7.165:14786] AH00646: Error writing to logs/access_log
[Sun Dec 31 17:57:38.428887 2017] [core:notice] [pid 3308] AH00052: child pid 9614 exit signal Segmentation fault (11)
[Sun Dec 31 17:57:38.429020 2017] [core:notice] [pid 3308] AH00052: child pid 9778 exit signal Segmentation fault (11)
[Sun Dec 31 17:57:44.162961 2017] [log_config:warn] [pid 9981] (27)File too large: [client 91.45.147.161:39586] AH00646: Error writing to logs/access_log
[Sun Dec 31 17:57:44.440750 2017] [core:notice] [pid 3308] AH00052: child pid 9982 exit signal Segmentation fault (11)
[Sun Dec 31 17:57:45.102761 2017] [log_config:warn] [pid 9981] (27)File too large: [client 91.45.147.161:39586] AH00646: Error writing to logs/access_log, referer: http://www.f-s-j.de/
[Sun Dec 31 17:57:46.336060 2017] [log_config:warn] [pid 9981] (27)File too large: [client 91.45.147.161:39586] AH00646: Error writing to logs/access_log, referer: http://www.f-s-j.de/wp-content/plugins/wp-job-manager/assets/css/frontend.css?ver=1.29.2
[Sun Dec 31 17:57:49.236542 2017] [log_config:warn] [pid 9983] (27)File too large: [client 91.45.147.161:39604] AH00646: Error writing to logs/access_log, referer: http://www.f-s-j.de/wp-content/plugins/job-board-manager/assets/admin/css/jquery-ui.css?ver=4.9.1
[Sun Dec 31 17:57:50.083030 2017] [log_config:warn] [pid 9981] (27)File too large: [client 91.45.147.161:39586] AH00646: Error writing to logs/access_log, referer: http://www.f-s-j.de/
[Sun Dec 31 17:57:50.088923 2017] [log_config:warn] [pid 9983] (27)File too large: [client 91.45.147.161:39604] AH00646: Error writing to logs/access_log, referer: http://www.f-s-j.de/wp-includes/js/tinymce/skins/lightgray/skin.min.css?wp-mce-4607-20171116
[Sun Dec 31 17:57:50.601112 2017] [log_config:warn] [pid 9983] (27)File too large: [client 91.45.147.161:39604] AH00646: Error writing to logs/access_log
[Sun Dec 31 17:57:53.887503 2017] [log_config:warn] [pid 9981] (27)File too large: [client 91.45.147.161:39586] AH00646: Error writing to logs/access_log, referer: http://www.f-s-j.de/
[Sun Dec 31 18:03:15.781313 2017] [core:notice] [pid 3308] AH00052: child pid 9984 exit signal Segmentation fault (11)
[Sun Dec 31 18:03:15.781540 2017] [core:notice] [pid 3308] AH00052: child pid 9985 exit signal Segmentation fault (11)
[Sun Dec 31 18:03:16.784616 2017] [core:notice] [pid 3308] AH00052: child pid 9983 exit signal Segmentation fault (11)
any idea!?
I have no idea what is causing this. Have you looked at the stack trace?
Hi Peter.
We like your plugin and have been using it on one of our websites. However Wordfence has just alerted us that your plugin hasn’t been updated since December 14, 2013, so it appears ‘abandoned’ to them.
There are lots of comments in recent times about data security risks and keeping plugins up to date, so I just wondered is there a need or requirement to update your plugin? Or does the way your plugin work, just connect to the PHP sessions and therefore any security updates to Session and their function, are managed through PHP updates?
This plugin isn’t abandoned. That is just silliness from WordFence. The plugin hasn’t been updated because nothing needs to be changed. I’ll update it and change the tested to settings. That should make WF happier.
Hi Peter. I thought that myself, thank you for your feedback.
Hello – many many thanks for the update.
i love your site – your plugin and all you discuss here. It is a great place for idea exchange!
keep up this overwhelming place – it rocks
Martin
Thank you very very much
I placed
if (!session_id())
session_start();
in the wp-config file
And on another page, just
But I get nothing.
If I use stand alone php files, session works. Inside of WP, it doesn’t
Thanks mate! I was looking for this code from long time.
Looks like Frank Verhoeven’s blog shut down sometime 2013-14. The latest archived version of the linked page is:
https://web.archive.org/web/20130827112117/http://www.frank-verhoeven.com/using-session-in-wordpress/
I’ve changed the link to go to the Way Back machine
Please follow the instructions
ul.children {
margin-right: 5px;
}
ul.children li {
list-style: none;
background: #f9f9f9;
padding: 4px 5px 5px;
}
ul.children li li {
background: #e4e4e4;
}
li.comment {
margin-bottom: 15px;
background: #eee;
padding: 5px 10px 5px;
border-radius: 5px;
}
li.comment li {
margin-top: 10px;
border-radius: 5px;
}
Thanks mate for the code i was looking for the same code for today match prediction from predictionmania