Using Sessions in WordPress
Posted by Frank Verhoeven | Filed under PHP, WordPress
Yesterday, when I was creating a new plugin for my friend Stefan Vervoort, I needed sessions to work. Unfortunately, WordPress doesn’t support them!??
I searched the whole source code of this great piece of blogging software, and not on one single line I found even one session. Also the session_start() function is not called, but I still needed my sessions to work 
.
So I started searching Google for a fix of my problem. I found a lot of people asking the same question: “Why don’t sessions work in WordPress?” Finally I found a solution to fix this little issue and guess what, it is a simple one.
The Solution
The only thing you have to do is call session_start(); before any output is send to the client. Now you might think: Nice, but what happens when I upgrade my WordPress installation to the latest version? Well, yes, your changes will be lost. That is the reason why we first should think of where to add these changes..
Normally upgrading your installation will replace all files, except one. Yes, it is the wp-config.php file. And even better, there isn’t send any output to a client yet, when this file is loaded.
So, we add the next lines of code to our wp-config.php file:
// Make the use of sessions possible. >if (!session_id()) session_start();
And sessions are enabled on your blog!
I think the best place to add these lines is at the top of the config file, so immediately after the php starting tag (<?php).
I hope this will help you out when facing the same problem.
September 27th, 2008 at 3:17 am
Thank you! Thank you! Thank you! I have been searching for this solution for 2 days now. You rock!
September 27th, 2008 at 7:26 am
No problem, I’m glad it helped you!
October 4th, 2008 at 5:46 am
While easier, a Session still works much like a cookie. My concern would be that you are now storing more than one source of persistent data (not very clean). I believe that WP was setup a cookie-only to allow for transitions between servers that sessions typically wont. This breaks that ability.
I guess what Im saying is, rather than modifying “core” code, why not create another cookie?
October 4th, 2008 at 2:15 pm
Well, you might be right there, but what happens when a visitor of your blog has turned cookies off? Your whole system doesn’t work anymore because this visitor’s browser doesn’t store your data.
I always prefer to use sessions if possible.
October 4th, 2008 at 7:52 pm
Honestly, I can’t think of the last time I wrote an app that used a cookie, so I can certianly agree with you. My comment was really food-for-thought…
October 16th, 2008 at 4:35 pm
Great post – both simple and effective. I’m surprised Sessions aren’t enabled by default in WP.
October 25th, 2008 at 12:01 pm
[...] in WordPress: Wer einmal Sessions für ein Plugin oder Theme nutzen muss findet nützliche Hinweise im Beitrag von Frank [...]
October 25th, 2008 at 6:04 pm
Hi Frank,
Is this still working for you or was there something else you had to do? I’m having no joy at all with the latest version of wordpress
October 27th, 2008 at 12:59 am
I checked it here on my local server, but everything still works (using version 2.7-almost-beta-9300). Do you get any errors?
October 27th, 2008 at 10:33 pm
2.7-almost-beta-9300 here and no problems with session_start() in wp_config.php
October 27th, 2008 at 10:43 pm
btw:
session_start() works for me in a plugin and not in wp_config.php
November 13th, 2008 at 8:39 am
is there anyway to carry the session and login information of my site on the wordpress blog , if there please help me out , thanks in advance
November 13th, 2008 at 6:21 pm
Hi, I think there is a way you could do this using the wp functions. But I don’t know how your site/blog is related to each other so I can’t tell you for sure.
December 18th, 2008 at 12:18 pm
I can’t get the session working in wordpress 2.7 in the above described manner. However sessions work fine in a test.php file in my root.
Any ideas. I’ve found the following line in wp_setup.php. Does it have anything to do with this problem ? And if yes how should I change ?
$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
Any other ideas ?
December 18th, 2008 at 12:31 pm
It works now :
The file has to be wp_settings.php
I changed :
$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
To :
$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES);
Any idea if this would give trouble with my wp installation. What can be the reason they disabled sessions ?
February 4th, 2009 at 5:12 pm
[...] Courtesy:[http://www.frank-verhoeven.com/using-session-in-wordpress/] [...]
April 1st, 2009 at 2:37 pm
Thank you! This helped me a lot.
May 27th, 2009 at 5:38 pm
I am trying to get OS Commerce session data available in the WP environment. Unfortunately, I can’t get it working with WP 2.7.1
I tried to put some code in wp-config.php, wp-settings.php, theme>functions.php…
As anyone ever solved this? Thanks in advance, and also to Frank for the good tips anyway! Cheers
May 28th, 2009 at 5:28 am
I cannot use that method in my plugin. Here is my script:
add_action(‘wp_head’, ‘affiliasi’);
function affiliasi() {
global $wpdb, $user_ID;
echo 'Affiliasi :'.$_SESSION['sponsor'];
if ($_GET['reg']) {
$address = $_GET['reg'];
$aff = $wpdb->get_row("SELECT `user_id` FROM $wpdb->usermeta WHERE `meta_key`='url_affiliasi' AND `meta_value`='$address'");
$id_sponsor = $aff->user_id;
$_SESSION = array();
$_SESSION['sponsor'] = $id_sponsor;
echo $_SESSION['sponsor'];
}
}
Is there something wrong here? I’m using WordPress 2.7
June 12th, 2009 at 2:55 am
I think sessions should work using the original wp-config.php solution as long as register_globals is set to OFF in your php.ini file
If register_globals is ON, then WordPress erases the session on each page load (see the function wp_unregister_GLOBALS() in wp-settings.php)
June 12th, 2009 at 4:12 am
I was just about to give up on using sessions when I came across this. You just saved me a huge pile of work. THANKS SO MUCH!!!
July 22nd, 2009 at 10:18 am
Nice! It works on my blog when I tested it. Yeah, why do you think Wordpress turned their backs on sessions? I really would wanna know. Wordpress is almost perfect as it is. We owe this to the minds behind it. Probably the minds behind had very good reasons about staying away from sessions.
August 1st, 2009 at 5:28 pm
just tried this, but when i put the code into my config file my blog was replaced with a white screen (it went back to normal once i removed the code again)
any idea what this could be?
August 7th, 2009 at 5:33 am
If you do not want modify WP core, you can fires sessions with a properly hook.
add_action(‘init’, ‘initSession’));
function initSession()
{
if ( ! session_id())
session_start();
}
September 2nd, 2009 at 9:15 am
Works fine, thanks a lot!
September 25th, 2009 at 10:07 am
Rather than editing the wp-config.php file a better solution is to add the following to your themes functions.php file.
if ( !session_id() )
add_action( 'init', 'session_start' );
September 27th, 2009 at 2:16 pm
Thanks Frank. This is exactly what I wanted.
October 5th, 2009 at 2:27 am
Just put a session_start into your plugin at the init level. Init will affect both admin, and frontend. I use template_redirect for front-end only.
add_action(‘init’, ‘my_plugin_init’);
function my_plugin_init() {
session_start();
}
October 27th, 2009 at 9:02 am
Great thanks for that.
I did a little testing and the safer place to put it is in your theme’s “functions.php” file. Works perfectly from there and is portable along with a theme.
December 8th, 2009 at 11:31 pm
AWESOME!!!