Using Sessions in WordPress
Posted by Frank | Filed under PHP, WordPress
Yesterday, when I was creating a new plugin for my friend Stefan Vervoort, I needed sessions to work. Unfortunately, WordPress doesn’t support them!??
I searched the whole source code of this great piece of blogging software, and not on one single line I found even one session. Also the session_start() function is not called, but I still needed my sessions to work 
.
So I started searching Google for a fix of my problem. I found a lot of people asking the same question: “Why don’t sessions work in WordPress?” Finally I found a solution to fix this little issue and guess what, it is a simple one.
The Solution
The only thing you have to do is call session_start(); before any output is send to the client. Now you might think: Nice, but what happens when I upgrade my WordPress installation to the latest version? Well, yes, your changes will be lost. That is the reason why we first should think of where to add these changes..
Normally upgrading your installation will replace all files, except one. Yes, it is the wp-config.php file. And even better, there isn’t send any output to a client yet, when this file is loaded.
So, we add the next lines of code to our wp-config.php file:
// Make the use of sessions possible. >if (!session_id()) session_start();
And sessions are enabled on your blog!
I think the best place to add these lines is at the top of the config file, so immediately after the php starting tag (<?php).
I hope this will help you out when facing the same problem.
September 27th, 2008 at 3:17 am
Thank you! Thank you! Thank you! I have been searching for this solution for 2 days now. You rock!
September 27th, 2008 at 7:26 am
No problem, I’m glad it helped you!
October 4th, 2008 at 5:46 am
While easier, a Session still works much like a cookie. My concern would be that you are now storing more than one source of persistent data (not very clean). I believe that WP was setup a cookie-only to allow for transitions between servers that sessions typically wont. This breaks that ability.
I guess what Im saying is, rather than modifying “core” code, why not create another cookie?
October 4th, 2008 at 2:15 pm
Well, you might be right there, but what happens when a visitor of your blog has turned cookies off? Your whole system doesn’t work anymore because this visitor’s browser doesn’t store your data.
I always prefer to use sessions if possible.
October 4th, 2008 at 7:52 pm
Honestly, I can’t think of the last time I wrote an app that used a cookie, so I can certianly agree with you. My comment was really food-for-thought…
October 16th, 2008 at 4:35 pm
Great post – both simple and effective. I’m surprised Sessions aren’t enabled by default in WP.
October 25th, 2008 at 12:01 pm
[...] in WordPress: Wer einmal Sessions für ein Plugin oder Theme nutzen muss findet nützliche Hinweise im Beitrag von Frank [...]
October 25th, 2008 at 6:04 pm
Hi Frank,
Is this still working for you or was there something else you had to do? I’m having no joy at all with the latest version of wordpress
October 27th, 2008 at 12:59 am
I checked it here on my local server, but everything still works (using version 2.7-almost-beta-9300). Do you get any errors?
October 27th, 2008 at 10:33 pm
2.7-almost-beta-9300 here and no problems with session_start() in wp_config.php
October 27th, 2008 at 10:43 pm
btw:
session_start() works for me in a plugin and not in wp_config.php
November 13th, 2008 at 8:39 am
is there anyway to carry the session and login information of my site on the wordpress blog , if there please help me out , thanks in advance
November 13th, 2008 at 6:21 pm
Hi, I think there is a way you could do this using the wp functions. But I don’t know how your site/blog is related to each other so I can’t tell you for sure.
December 18th, 2008 at 12:18 pm
I can’t get the session working in wordpress 2.7 in the above described manner. However sessions work fine in a test.php file in my root.
Any ideas. I’ve found the following line in wp_setup.php. Does it have anything to do with this problem ? And if yes how should I change ?
$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
Any other ideas ?
December 18th, 2008 at 12:31 pm
It works now :
The file has to be wp_settings.php
I changed :
$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
To :
$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES);
Any idea if this would give trouble with my wp installation. What can be the reason they disabled sessions ?
February 4th, 2009 at 5:12 pm
[...] Courtesy:[http://www.frank-verhoeven.com/using-session-in-wordpress/] [...]
April 1st, 2009 at 2:37 pm
Thank you! This helped me a lot.
May 27th, 2009 at 5:38 pm
I am trying to get OS Commerce session data available in the WP environment. Unfortunately, I can’t get it working with WP 2.7.1
I tried to put some code in wp-config.php, wp-settings.php, theme>functions.php…
As anyone ever solved this? Thanks in advance, and also to Frank for the good tips anyway! Cheers
May 28th, 2009 at 5:28 am
I cannot use that method in my plugin. Here is my script:
add_action(‘wp_head’, ‘affiliasi’);
function affiliasi() {
global $wpdb, $user_ID;
echo 'Affiliasi :'.$_SESSION['sponsor'];
if ($_GET['reg']) {
$address = $_GET['reg'];
$aff = $wpdb->get_row("SELECT `user_id` FROM $wpdb->usermeta WHERE `meta_key`='url_affiliasi' AND `meta_value`='$address'");
$id_sponsor = $aff->user_id;
$_SESSION = array();
$_SESSION['sponsor'] = $id_sponsor;
echo $_SESSION['sponsor'];
}
}
Is there something wrong here? I’m using WordPress 2.7
June 12th, 2009 at 2:55 am
I think sessions should work using the original wp-config.php solution as long as register_globals is set to OFF in your php.ini file
If register_globals is ON, then WordPress erases the session on each page load (see the function wp_unregister_GLOBALS() in wp-settings.php)
June 12th, 2009 at 4:12 am
I was just about to give up on using sessions when I came across this. You just saved me a huge pile of work. THANKS SO MUCH!!!
July 22nd, 2009 at 10:18 am
Nice! It works on my blog when I tested it. Yeah, why do you think WordPress turned their backs on sessions? I really would wanna know. WordPress is almost perfect as it is. We owe this to the minds behind it. Probably the minds behind had very good reasons about staying away from sessions.
August 1st, 2009 at 5:28 pm
just tried this, but when i put the code into my config file my blog was replaced with a white screen (it went back to normal once i removed the code again)
any idea what this could be?
August 7th, 2009 at 5:33 am
If you do not want modify WP core, you can fires sessions with a properly hook.
add_action(‘init’, ‘initSession’));
function initSession()
{
if ( ! session_id())
session_start();
}
September 2nd, 2009 at 9:15 am
Works fine, thanks a lot!
September 25th, 2009 at 10:07 am
Rather than editing the wp-config.php file a better solution is to add the following to your themes functions.php file.
if ( !session_id() )
add_action( 'init', 'session_start' );
September 27th, 2009 at 2:16 pm
Thanks Frank. This is exactly what I wanted.
October 5th, 2009 at 2:27 am
Just put a session_start into your plugin at the init level. Init will affect both admin, and frontend. I use template_redirect for front-end only.
add_action(‘init’, ‘my_plugin_init’);
function my_plugin_init() {
session_start();
}
October 27th, 2009 at 9:02 am
Great thanks for that.
I did a little testing and the safer place to put it is in your theme’s “functions.php” file. Works perfectly from there and is portable along with a theme.
December 8th, 2009 at 11:31 pm
AWESOME!!!
January 19th, 2010 at 3:31 pm
Thanks for the info… I would like to ask a rather different question about session control. You might have heard that many wordpress users are complaining about the server overheating problem. For example my site eats up to %85 of my servers cpu and therefore it is shut down by the host.
One of my friends suggested that the inability of the session control may be the reason. “Since the sessions are not closed the cpu load never ease down” he says…
Would you agree with this?
February 2nd, 2010 at 2:07 am
I am going to take this post and expand on it. I am creating a custom cart solution and this simple will tweak was the only hole to plug! The WordPress and non-WordPress pages are sync’d
February 17th, 2010 at 6:03 am
Yes it work’s fine
Thanks a lot
February 21st, 2010 at 2:03 pm
Ooow… simple solution. Very useful information, thank you.
February 25th, 2010 at 6:05 pm
If anyone is having problems with wordpress unsetting your session, I found this guide very usefull:
http://shadow.y-developments.info/shadow_of__soul/2009/02/manage-sessions-in-wordpress-plugin/
By default, wp unsets the _Session, unless you add it to the array specified in the above link in wp-settings.php.
Hope this helps someone.
March 9th, 2010 at 9:37 pm
SIMPLE, NICE, and HELPFUL!
March 10th, 2010 at 1:11 am
Yes, the best way to do this is via the init hook so you and/or your plugin/theme users don’t need to modify wp-config.php. Here’s the function I use in functions.php:
function cp_admin_init() {
if (!session_id())
session_start();
}
add_action(‘init’, ‘cp_admin_init’);
~David
ClassiPress
March 10th, 2010 at 11:05 am
Thanks! This solved my problem for making my own plugin!
DigiFix – din digitale vaktmester – driver datahjelp i Oslo.
Now I can get moving to make exactly what I need!
March 16th, 2010 at 12:25 pm
Mine session_start still not work.
I got a script include in a wordpress page, but it seems that the session stay empty.
If i use the script without include it in wordpress than it works.
Is there someone who wants to help me ?
March 19th, 2010 at 9:06 am
thank u sir.
i am searching for this since 3days
March 26th, 2010 at 9:33 am
I just inserted session_start() in my plugin file just below the plugin details and it works
April 8th, 2010 at 2:47 pm
there is no need for
if (!session_id())
u must use only session_start();
April 11th, 2010 at 5:58 pm
This works fine with the built in session function but does not for me when using a custom session handler -storing session in a db.
I am including it on the top of wp-config.php as with this example.
I’ve tried the wp-settings.php adjustment for variables to unset and am really scratching my head on this one…. any ideas?
thanks!
May 9th, 2010 at 6:20 pm
I tried all methods on this page and found that Andy Potanin’s (October 5th, 2009 at 2:27 am) solution worked the best. Just add_action() in your plugin initialize file.
May 28th, 2010 at 8:07 am
Hello Frank,
Thanks for the session information that is really useful.
I am not quite familiar about how to use session.
I wondered if you could get the user name from each user login to the website.
Thanks.
john
June 7th, 2010 at 6:34 am
But will you ask your plugin users to do the same? o.O
Why don’t put it inside your plugin, just before you need the session data?
If it’s not set, you set them and consider the user just got to the site. If ID is available, just use it normally because it was started somewhere earlier.
July 13th, 2010 at 4:29 am
Frank THANK YOU SO MUCH!
I was trying to figure out why I couldn’t keep the session between my main site and my blog and you’ve solved it for me!
Cheers!
July 14th, 2010 at 9:31 am
function cp_admin_init() {
if (!session_id())
session_start();
}
add_action(‘init’, ‘cp_admin_init’);
Its working….
thanks all.
July 21st, 2010 at 3:44 pm
You saved my day. Thanks for the help
July 22nd, 2010 at 3:06 pm
Nice share. Thanks for posting!
July 24th, 2010 at 1:01 am
Hi all! I am developing a theme for commercial use and require sessions to run to add some functionality that is needed.
At the moment wp_unregister_GLOBALS() seem to be a great problem for me, since modifying wp-setting.php manually is not an option. Has anyone got any ideas on how to add SESSIONS global variable to a $noUnset list, by coding only inside my theme folder? Or maybe desable wp_unregister_GLOBALS()? Or perhaps deactivate register_globals in php setting file of the server? But remember I am limited to doing that by code only from inside my theme folder. Any advise on this will be much appreciated, I’ve been trying to find a solution for a week now and getting very frastrated at wordpress…
Cheers
Max