How To: Enable the Use of Sessions On Your WordPress Blog

WordPress does not use sessions to hold any data being that it is a stateless application. This makes it quite a problem for tasks like a shopping cart, which requires data(the user’s selected product) to be remembered from one page to the next. This means that if you want to use PHP sessions in your plugins or custom modifications of WordPress you will need to do some custom coding.

Luckily the fix is a simple one that anyone can handle! You only need to do a little hacking to enable sessions within WordPress.

Understanding Sessions

A session is a combination of a server-side file containing all the data you wish to store, and a client-side cookie containing a reference to the server data. The file and the client-side cookie are created using the function session_start() – it has no parameters, but informs the server that sessions are going to be used.

When you call session_start(), PHP will check to see whether the visitor sent a session cookie – if it did, PHP will load the session data. Otherwise, PHP will create a new session file on the server, and send an ID back to the visitor to associate the visitor with the new file. Because each visitor has their own data locked away in their unique session file, you need to call session_start() before you try to read session variables – failing to do so will mean that you simply will not have access to their data. Furthermore, as session_start() needs to send the reference cookie to the user’s computer, you need to have it before the body of your web page – even before any spaces.

The WordPress Fix For $_SESSION Variables

So in order to activate session variables within your WordPress installation the only thing you have to do is call session_start(); before any output is send to the client. Normally upgrading your WordPress installation will replace all files, so we will want to install the code within our site theme to avoid the changes from being lost.

We will add the next lines of code to our functions.php file within our theme:

if ( !session_id() )
add_action( 'init', 'session_start' );

It is best place to add these lines is at the top of functions.php, immediately after the php start tag (<?php).

If your server is currently running register_globals on you will also need to modify a function named wp_unregister_GLOBALS and can be found in your wp-settings.php file located in the root directory of the WordPress install. The code you are looking for is located around line 39:

$noUnset = array(‘GLOBALS’, ‘_GET’, ‘_POST’, ‘_COOKIE’, ‘_REQUEST’, ‘_SERVER’, ‘_ENV’, ‘_FILES’, ‘table_prefix’);

To allow sessions you simply have to insert _SESSION into the array. The final code will be:

$noUnset = array(‘_SESSION’,'GLOBALS’, ‘_GET’, ‘_POST’, ‘_COOKIE’, ‘_REQUEST’, ‘_SERVER’, ‘_ENV’, ‘_FILES’, ‘table_prefix’);

Victory!

Sessions are now enabled on your WordPress blog! You can now use PHP sessions on your WordPress plugins or custom modifications.

31 thoughts on “How To: Enable the Use of Sessions On Your WordPress Blog

  1. I have problem with use session in Firefox. If I set to session some value and I go to next page where I want get this value so I will get different value. In IE, Chrome is it OK. Do you know somebody where is problem?
    Thanks everybody

  2. Just what I’ve been looking for, I used wp-config.php to enable the session but I think this is a better way using functions.php at least we’re not changing core files this way. Thanks!

  3. I am getting problem with use session in Firefox n chrome. session variables work fine in IE but not in above two browsers. I integrated the blog(version 3.0.1) in existing website and being logged in when I click to enter in blog section, session variables lost their values. I already started session in function.php and it works in IE but not in remaing two. cookies are already enabled.

    Help please..

    Ashish

  4. Man you just made a huge contribution to humanity.

    @Arpita: same happened to me, but I think Apache took some time to reload the new configurations. Yesterday, Session variables weren’t working; today morning I was completely frustrated after almost a day long without a solution for a simple problem and, suddenly, when I gave Session variables a new try, there they were. Beautiful.

    Thanks, Gino!

  5. Hey guys….
    m totally frustrated with this problem.
    after reading this post i did the same,now session is working in firefox but not in any other browser….
    i have made a module for user login and m displaying the username in the header after login…
    After login when user return to my site username is replaced by again “Member Login”…
    All the session values are destroyed….
    Please help….

  6. Hiya – good stuff. Suggestions? 1/ add something about using phpinfo to get the server behaviour for register_globals? And 2/ please move the reCAPTCHA above the comment box… I didn’t see it until after submitting (and losing) a comment!

    Finally – tested just fine on WordPress 3.1.2, Safari, FF, Chrome and MSIE 8 and 9, so far.

  7. I added ‘_SESSION’ to the $noUnset array as per the guide. Is this going to be overwritten whenever I upgrade wordpress? (I am using WP 3.2 and the updated file is wp-includes/load.php)

    Thanks in advance for your input!

    • You should be alright upgrading your WordPress installation. Sessions still work as of 3.2.1 using this method.

  8. Changing core files (wp-includes/load.php) seems like dancing on fire to me. Is this really an acceptable solution? How can you get away with that for very long?

  9. Hi,

    I am using custom session in WordPress. I have added custom login code. I have added this code in functions.php file within my theme:

    if ( !session_id() )
    add_action( ‘init’, ‘session_start’ );

    and add To allow sessions I have simply insert _SESSION into the array in load.php.

    $noUnset = array(‘_SESSION’,’GLOBALS’, ‘_GET’, ‘_POST’, ‘_COOKIE’, ‘_REQUEST’, ‘_SERVER’, ‘_ENV’, ‘_FILES’, ‘table_prefix’)

    BUT NOT WORKING IN FIREFOX. can anyone please help me as I really need it urgent.

    Thanks

  10. Pingback: Howe Multi-core Processor Accelerate your LAMP Application | Amigo's Techinical Notes

  11. Pingback: How Multi-core Processors Accelerate your LAMP Applications | Amigo's Techinical Notes

  12. Hi,
    I have a shopping cart website developed in WordPress and Woocommerce. If user is logged in and closed the browser/browser tab how much time that session is validate for? If i open a new tab/window and browse my website it shows me again the same user as logged in. I do not want this behavior. I want session should get clear immediately after i close browser. How can this be achievable?
    Please send reply asap.

  13. I am currently using sessions to keep the referring URL. The problem that I am finding is that the values are being stored inside of a WordPress caching plug-in. Is it possible to get around caching issues when dealing with session variables?

Leave a Reply

Your email address will not be published. Required fields are marked *