WordPress does not use sessions to hold any data being that it is a stateless application. This makes it quite a problem for tasks like a shopping cart, which requires data(the user’s selected product) to be remembered from one page to the next. This means that if you want to use PHP sessions in your plugins or custom modifications of WordPress you will need to do some custom coding.
Luckily the fix is a simple one that anyone can handle! You only need to do a little hacking to enable sessions within WordPress.
A session is a combination of a server-side file containing all the data you wish to store, and a client-side cookie containing a reference to the server data. The file and the client-side cookie are created using the function session_start() – it has no parameters, but informs the server that sessions are going to be used.
When you call session_start(), PHP will check to see whether the visitor sent a session cookie – if it did, PHP will load the session data. Otherwise, PHP will create a new session file on the server, and send an ID back to the visitor to associate the visitor with the new file. Because each visitor has their own data locked away in their unique session file, you need to call session_start() before you try to read session variables – failing to do so will mean that you simply will not have access to their data. Furthermore, as session_start() needs to send the reference cookie to the user’s computer, you need to have it before the body of your web page – even before any spaces.
The WordPress Fix For $_SESSION Variables
So in order to activate session variables within your WordPress installation the only thing you have to do is call session_start(); before any output is send to the client. Normally upgrading your WordPress installation will replace all files, so we will want to install the code within our site theme to avoid the changes from being lost.
We will add the next lines of code to our functions.php file within our theme:
if ( !session_id() )
add_action( 'init', 'session_start' );
It is best place to add these lines is at the top of functions.php, immediately after the php start tag (<?php).
If your server is currently running register_globals on you will also need to modify a function named wp_unregister_GLOBALS and can be found in your wp-settings.php file located in the root directory of the WordPress install. The code you are looking for is located around line 39:
$noUnset = array(‘GLOBALS’, ‘_GET’, ‘_POST’, ‘_COOKIE’, ‘_REQUEST’, ‘_SERVER’, ‘_ENV’, ‘_FILES’, ‘table_prefix’);
To allow sessions you simply have to insert _SESSION into the array. The final code will be:
$noUnset = array(‘_SESSION’,'GLOBALS’, ‘_GET’, ‘_POST’, ‘_COOKIE’, ‘_REQUEST’, ‘_SERVER’, ‘_ENV’, ‘_FILES’, ‘table_prefix’);
Sessions are now enabled on your WordPress blog! You can now use PHP sessions on your WordPress plugins or custom modifications.
wow! what a great guide… i never thought it would be so easy to enable sessions! thanks!
its not working in firefox browser
i don’t have function.php into my theme….
i don’t know how can i activate sessions 🙁
help please 🙂
The function wp_unregister_GLOBALS is in load.php in wordpress 3 & higher.
By the way OXO, you can simply create a new file called functions.php in your theme and add the code there.
I have problem with use session in Firefox. If I set to session some value and I go to next page where I want get this value so I will get different value. In IE, Chrome is it OK. Do you know somebody where is problem?
Just what I’ve been looking for, I used wp-config.php to enable the session but I think this is a better way using functions.php at least we’re not changing core files this way. Thanks!
I have the dsam e problem, any one have a solution
I am getting problem with use session in Firefox n chrome. session variables work fine in IE but not in above two browsers. I integrated the blog(version 3.0.1) in existing website and being logged in when I click to enter in blog section, session variables lost their values. I already started session in function.php and it works in IE but not in remaing two. cookies are already enabled.
after doing this all, still not working properly sometimes.
This is a great post and now i have some things I can add to my own press. Thanks for sharing.
Man you just made a huge contribution to humanity.
@Arpita: same happened to me, but I think Apache took some time to reload the new configurations. Yesterday, Session variables weren’t working; today morning I was completely frustrated after almost a day long without a solution for a simple problem and, suddenly, when I gave Session variables a new try, there they were. Beautiful.
m totally frustrated with this problem.
after reading this post i did the same,now session is working in firefox but not in any other browser….
i have made a module for user login and m displaying the username in the header after login…
After login when user return to my site username is replaced by again “Member Login”…
All the session values are destroyed….
Hiya – good stuff. Suggestions? 1/ add something about using phpinfo to get the server behaviour for register_globals? And 2/ please move the reCAPTCHA above the comment box… I didn’t see it until after submitting (and losing) a comment!
Finally – tested just fine on WordPress 3.1.2, Safari, FF, Chrome and MSIE 8 and 9, so far.
I added ‘_SESSION’ to the $noUnset array as per the guide. Is this going to be overwritten whenever I upgrade wordpress? (I am using WP 3.2 and the updated file is wp-includes/load.php)
Thanks in advance for your input!
You should be alright upgrading your WordPress installation. Sessions still work as of 3.2.1 using this method.
Changing core files (wp-includes/load.php) seems like dancing on fire to me. Is this really an acceptable solution? How can you get away with that for very long?
thanks for this, very good fix!
I am using custom session in WordPress. I have added custom login code. I have added this code in functions.php file within my theme:
if ( !session_id() )
add_action( ‘init’, ‘session_start’ );
and add To allow sessions I have simply insert _SESSION into the array in load.php.
$noUnset = array(‘_SESSION’,’GLOBALS’, ‘_GET’, ‘_POST’, ‘_COOKIE’, ‘_REQUEST’, ‘_SERVER’, ‘_ENV’, ‘_FILES’, ‘table_prefix’)
BUT NOT WORKING IN FIREFOX. can anyone please help me as I really need it urgent.
Hey…some information I was looking for that others might be as well: How to tell if register_globals is on or off on your server – http://wordpress.org/support/topic/important-security-information-updated
Great! Very useful, thank you very much!
And it works in firefox!
I have to add a session in the index home page.If it is status is one , one new link has been displayed in the home page until the session has been logged out.
Thanks A TON! It worked 🙂
If we update the theme, will the changes inside ‘functions.php’ get lost ?
Why not start the session at the top of ‘wp-config.php’ ?
Pingback: Howe Multi-core Processor Accelerate your LAMP Application | Amigo's Techinical Notes
Pingback: How Multi-core Processors Accelerate your LAMP Applications | Amigo's Techinical Notes
I have a shopping cart website developed in WordPress and Woocommerce. If user is logged in and closed the browser/browser tab how much time that session is validate for? If i open a new tab/window and browse my website it shows me again the same user as logged in. I do not want this behavior. I want session should get clear immediately after i close browser. How can this be achievable?
Please send reply asap.
Nice blog!!! This page will help freshers in web development field.Thank to blog author.
PHP Training in Chennai
I am currently using sessions to keep the referring URL. The problem that I am finding is that the values are being stored inside of a WordPress caching plug-in. Is it possible to get around caching issues when dealing with session variables?
To work with firefox guys:
Good Suggestions, thanks for sharing
Great tips, to my surprise this still works in 2020 🙂
Professional web design development makes it easier for startups to stand out online by offering a distinct brand image. It’s critical to set oneself apart from the competition, and good site design helps with that. You give yourself a wonderful chance to create an impact on potential clients by hiring competent web development services for your startup. A website’s appearance begins with a mouse click, therefore an unappealing site may drive visitors away until they find something more appealing.
By providing a distinct brand image, professional web design development makes it easier for startups to stand out online. It’s vital to distinguish oneself from the competitors, and effective web design can help. By employing expert web development services for your startup, you provide yourself a fantastic opportunity to make an impression on potential clients. Because the first click on a website determines its appearance, an ugly site may drive visitors away until they find something more appealing.