Using Sessions in WordPress

Yesterday, when I was creating a new plugin for my friend Stefan Vervoort, I needed sessions to work. Unfortunately, WordPress doesn’t support them!??

I searched the whole source code of this great piece of blogging software, and not on one single line I found even one session. Also the session_start() function is not called, but I still needed my sessions to work :-? .

So I started searching Google for a fix of my problem. I found a lot of people asking the same question: “Why don’t sessions work in WordPress?” Finally I found a solution to fix this little issue and guess what, it is a simple one.

The Solution

The only thing you have to do is call session_start(); before any output is send to the client. Now you might think: Nice, but what happens when I upgrade my WordPress installation to the latest version? Well, yes, your changes will be lost. That is the reason why we first should think of where to add these changes..

Normally upgrading your installation will replace all files, except one. Yes, it is the wp-config.php file. And even better, there isn’t send any output to a client yet, when this file is loaded.

So, we add the next lines of code to our wp-config.php file:

// Make the use of sessions possible.
>if (!session_id())
session_start();

And sessions are enabled on your blog!
I think the best place to add these lines is at the top of the config file, so immediately after the php starting tag (<?php).

I hope this will help you out when facing the same problem.

Tagged: , .

51 Responses

  1. Kyle Says:
    September 27th, 2008 at 3:17 am

    Thank you! Thank you! Thank you! I have been searching for this solution for 2 days now. You rock!

  2. Frank Verhoeven Says:
    September 27th, 2008 at 7:26 am

    No problem, I’m glad it helped you!

  3. Lee Says:
    October 4th, 2008 at 5:46 am

    While easier, a Session still works much like a cookie. My concern would be that you are now storing more than one source of persistent data (not very clean). I believe that WP was setup a cookie-only to allow for transitions between servers that sessions typically wont. This breaks that ability.

    I guess what Im saying is, rather than modifying “core” code, why not create another cookie?

  4. Frank Verhoeven Says:
    October 4th, 2008 at 2:15 pm

    Well, you might be right there, but what happens when a visitor of your blog has turned cookies off? Your whole system doesn’t work anymore because this visitor’s browser doesn’t store your data.
    I always prefer to use sessions if possible.

  5. Lee Says:
    October 4th, 2008 at 7:52 pm

    Honestly, I can’t think of the last time I wrote an app that used a cookie, so I can certianly agree with you. My comment was really food-for-thought…

  6. Hosting Reviews Says:
    October 16th, 2008 at 4:35 pm

    Great post – both simple and effective. I’m surprised Sessions aren’t enabled by default in WP.

  7. WordPress Linktip: 25|10|08 Says:
    October 25th, 2008 at 12:01 pm

    [...] in WordPress: Wer einmal Sessions für ein Plugin oder Theme nutzen muss findet nützliche Hinweise im Beitrag von Frank [...]

  8. Robert O'Rourke Says:
    October 25th, 2008 at 6:04 pm

    Hi Frank,
    Is this still working for you or was there something else you had to do? I’m having no joy at all with the latest version of wordpress

  9. Frank Verhoeven Says:
    October 27th, 2008 at 12:59 am

    I checked it here on my local server, but everything still works (using version 2.7-almost-beta-9300). Do you get any errors?

  10. Daan Says:
    October 27th, 2008 at 10:33 pm

    2.7-almost-beta-9300 here and no problems with session_start() in wp_config.php

  11. Daan Says:
    October 27th, 2008 at 10:43 pm

    btw:

    session_start() works for me in a plugin and not in wp_config.php

  12. sumit Says:
    November 13th, 2008 at 8:39 am

    is there anyway to carry the session and login information of my site on the wordpress blog , if there please help me out , thanks in advance

  13. Frank Verhoeven Says:
    November 13th, 2008 at 6:21 pm

    Hi, I think there is a way you could do this using the wp functions. But I don’t know how your site/blog is related to each other so I can’t tell you for sure.

  14. kasper Says:
    December 18th, 2008 at 12:18 pm

    I can’t get the session working in wordpress 2.7 in the above described manner. However sessions work fine in a test.php file in my root.

    Any ideas. I’ve found the following line in wp_setup.php. Does it have anything to do with this problem ? And if yes how should I change ?

    $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());

    Any other ideas ?

  15. kasper Says:
    December 18th, 2008 at 12:31 pm

    It works now :

    The file has to be wp_settings.php
    I changed :
    $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
    To :
    $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES);

    Any idea if this would give trouble with my wp installation. What can be the reason they disabled sessions ?

  16. Sessions in Wordpress | ejunKie Says:
    February 4th, 2009 at 5:12 pm

    [...] Courtesy:[http://www.frank-verhoeven.com/using-session-in-wordpress/] [...]

  17. David Says:
    April 1st, 2009 at 2:37 pm

    Thank you! This helped me a lot. :-)

  18. Fred Says:
    May 27th, 2009 at 5:38 pm

    I am trying to get OS Commerce session data available in the WP environment. Unfortunately, I can’t get it working with WP 2.7.1

    I tried to put some code in wp-config.php, wp-settings.php, theme>functions.php…

    As anyone ever solved this? Thanks in advance, and also to Frank for the good tips anyway! Cheers

  19. Lutvi Avandi Says:
    May 28th, 2009 at 5:28 am

    I cannot use that method in my plugin. Here is my script:
    add_action(‘wp_head’, ‘affiliasi’);


    function affiliasi() {
    global $wpdb, $user_ID;
    echo 'Affiliasi :'.$_SESSION['sponsor'];
    if ($_GET['reg']) {
    $address = $_GET['reg'];
    $aff = $wpdb->get_row("SELECT `user_id` FROM $wpdb->usermeta WHERE `meta_key`='url_affiliasi' AND `meta_value`='$address'");
    $id_sponsor = $aff->user_id;
    $_SESSION = array();
    $_SESSION['sponsor'] = $id_sponsor;
    echo $_SESSION['sponsor'];
    }
    }

    Is there something wrong here? I’m using WordPress 2.7

  20. kg Says:
    June 12th, 2009 at 2:55 am

    I think sessions should work using the original wp-config.php solution as long as register_globals is set to OFF in your php.ini file

    If register_globals is ON, then WordPress erases the session on each page load (see the function wp_unregister_GLOBALS() in wp-settings.php)

  21. Tyler Says:
    June 12th, 2009 at 4:12 am

    I was just about to give up on using sessions when I came across this. You just saved me a huge pile of work. THANKS SO MUCH!!!

  22. James M Says:
    July 22nd, 2009 at 10:18 am

    Nice! It works on my blog when I tested it. Yeah, why do you think WordPress turned their backs on sessions? I really would wanna know. WordPress is almost perfect as it is. We owe this to the minds behind it. Probably the minds behind had very good reasons about staying away from sessions.

  23. getcarty Says:
    August 1st, 2009 at 5:28 pm

    just tried this, but when i put the code into my config file my blog was replaced with a white screen (it went back to normal once i removed the code again)

    any idea what this could be?

  24. NomikOS Says:
    August 7th, 2009 at 5:33 am

    If you do not want modify WP core, you can fires sessions with a properly hook.

    add_action(‘init’, ‘initSession’));

    function initSession()
    {
    if ( ! session_id())
    session_start();
    }

  25. Filip Says:
    September 2nd, 2009 at 9:15 am

    Works fine, thanks a lot!

  26. Tom Willmot Says:
    September 25th, 2009 at 10:07 am

    Rather than editing the wp-config.php file a better solution is to add the following to your themes functions.php file.


    if ( !session_id() )
    add_action( 'init', 'session_start' );

  27. Krishan Says:
    September 27th, 2009 at 2:16 pm

    Thanks Frank. This is exactly what I wanted.

  28. Andy Potanin Says:
    October 5th, 2009 at 2:27 am

    Just put a session_start into your plugin at the init level. Init will affect both admin, and frontend. I use template_redirect for front-end only.

    add_action(‘init’, ‘my_plugin_init’);

    function my_plugin_init() {
    session_start();
    }

  29. Benjibuls Says:
    October 27th, 2009 at 9:02 am

    Great thanks for that.

    I did a little testing and the safer place to put it is in your theme’s “functions.php” file. Works perfectly from there and is portable along with a theme.

  30. maartez Says:
    December 8th, 2009 at 11:31 pm

    AWESOME!!!

  31. Erdem Says:
    January 19th, 2010 at 3:31 pm

    Thanks for the info… I would like to ask a rather different question about session control. You might have heard that many wordpress users are complaining about the server overheating problem. For example my site eats up to %85 of my servers cpu and therefore it is shut down by the host.

    One of my friends suggested that the inability of the session control may be the reason. “Since the sessions are not closed the cpu load never ease down” he says…

    Would you agree with this?

  32. Jason Says:
    February 2nd, 2010 at 2:07 am

    I am going to take this post and expand on it. I am creating a custom cart solution and this simple will tweak was the only hole to plug! The WordPress and non-WordPress pages are sync’d

  33. Pravin Says:
    February 17th, 2010 at 6:03 am

    Yes it work’s fine
    Thanks a lot

  34. Dehost Says:
    February 21st, 2010 at 2:03 pm

    Ooow… simple solution. Very useful information, thank you.

  35. Keith Says:
    February 25th, 2010 at 6:05 pm

    If anyone is having problems with wordpress unsetting your session, I found this guide very usefull:

    http://shadow.y-developments.info/shadow_of__soul/2009/02/manage-sessions-in-wordpress-plugin/

    By default, wp unsets the _Session, unless you add it to the array specified in the above link in wp-settings.php.

    Hope this helps someone.

  36. cars Says:
    March 9th, 2010 at 9:37 pm

    SIMPLE, NICE, and HELPFUL!

  37. David Cowgill Says:
    March 10th, 2010 at 1:11 am

    Yes, the best way to do this is via the init hook so you and/or your plugin/theme users don’t need to modify wp-config.php. Here’s the function I use in functions.php:

    function cp_admin_init() {
    if (!session_id())
    session_start();
    }

    add_action(‘init’, ‘cp_admin_init’);

    ~David
    ClassiPress

  38. Øystein Soteland Says:
    March 10th, 2010 at 11:05 am

    Thanks! This solved my problem for making my own plugin!
    DigiFix – din digitale vaktmester – driver datahjelp i Oslo.

    Now I can get moving to make exactly what I need!

  39. Remon Says:
    March 16th, 2010 at 12:25 pm

    Mine session_start still not work.
    I got a script include in a wordpress page, but it seems that the session stay empty.

    If i use the script without include it in wordpress than it works.
    Is there someone who wants to help me ?

  40. bhavani Says:
    March 19th, 2010 at 9:06 am

    thank u sir.
    i am searching for this since 3days

  41. Tareq Says:
    March 26th, 2010 at 9:33 am

    I just inserted session_start() in my plugin file just below the plugin details and it works :D

  42. capsx Says:
    April 8th, 2010 at 2:47 pm

    there is no need for
    if (!session_id())

    u must use only session_start();

  43. BB Says:
    April 11th, 2010 at 5:58 pm

    This works fine with the built in session function but does not for me when using a custom session handler -storing session in a db.

    I am including it on the top of wp-config.php as with this example.

    I’ve tried the wp-settings.php adjustment for variables to unset and am really scratching my head on this one…. any ideas?

    thanks!

  44. Brett Says:
    May 9th, 2010 at 6:20 pm

    I tried all methods on this page and found that Andy Potanin’s (October 5th, 2009 at 2:27 am) solution worked the best. Just add_action() in your plugin initialize file.

  45. John Says:
    May 28th, 2010 at 8:07 am

    Hello Frank,
    Thanks for the session information that is really useful.
    I am not quite familiar about how to use session.
    I wondered if you could get the user name from each user login to the website.

    Thanks.

    john

  46. Hikari Says:
    June 7th, 2010 at 6:34 am

    But will you ask your plugin users to do the same? o.O

    Why don’t put it inside your plugin, just before you need the session data?

    If it’s not set, you set them and consider the user just got to the site. If ID is available, just use it normally because it was started somewhere earlier.

  47. David Says:
    July 13th, 2010 at 4:29 am

    Frank THANK YOU SO MUCH!

    I was trying to figure out why I couldn’t keep the session between my main site and my blog and you’ve solved it for me!

    Cheers!

  48. Yuvraj Says:
    July 14th, 2010 at 9:31 am

    function cp_admin_init() {
    if (!session_id())
    session_start();
    }

    add_action(‘init’, ‘cp_admin_init’);

    Its working….

    thanks all.

  49. Muhammad Salman Raza Says:
    July 21st, 2010 at 3:44 pm

    You saved my day. Thanks for the help :)

  50. Naoshad Nayeem Says:
    July 22nd, 2010 at 3:06 pm

    Nice share. Thanks for posting!

  51. Max Says:
    July 24th, 2010 at 1:01 am

    Hi all! I am developing a theme for commercial use and require sessions to run to add some functionality that is needed.
    At the moment wp_unregister_GLOBALS() seem to be a great problem for me, since modifying wp-setting.php manually is not an option. Has anyone got any ideas on how to add SESSIONS global variable to a $noUnset list, by coding only inside my theme folder? Or maybe desable wp_unregister_GLOBALS()? Or perhaps deactivate register_globals in php setting file of the server? But remember I am limited to doing that by code only from inside my theme folder. Any advise on this will be much appreciated, I’ve been trying to find a solution for a week now and getting very frastrated at wordpress…
    Cheers
    Max

Leave a Reply