PHP Session Gets Lost After Redirect

I have a WordPress website hosted at wordpress.org, and also an independent PHP application deployed at the same location (sharing the same hosting).

The independent application has its own login page and home page. When a user logs in, I set a session flag indicating the user has logged in. However, when I redirect to the user home page (after login), all the values from $_SESSION are lost.

The cookie path is set to '/' and session.save_path is set to '/var/lib/php5'.

I have checked the answer given in "PHP session lost after redirect" and verified all points.

Also, I have followed the steps mentioned here https://wordpress.org/support/topic/php-_session-info-gets-lost-from-an-external-login-page-to-a-wp-installation

But none of these are working.

Can anyone suggest what could be the possible issue and resolution for it? Thanks.

PHP Version: 5.5.9-1ubuntu4.19

You really shouldn't comment out or amend wp_unregister_globals. Check out http://silvermapleweb.com/using-the-php-session-in-wordpress/ for examples of how to achieve sessions in WordPress without messing with wp_unregister_globals.

I use this and it works a treat:

    add_action('init', 'myStartSession', 1);
    function myStartSession() {
        if(!session_id()) {
            session_start();
        }
    }

I would also consider storing your session data in the database rather than in files, particularly as you are in a shared server environment. Anyone else on that server could potentially access your site's session data and take over a user's session.

In my most recent plugin I created a new table in the WordPress database to store session data, then use session_set_save_handler to change the behaviour. So my start session script became something like this:

    add_action('init', 'myStartSession', 1);
    function myStartSession() {
        if (!session_id()) {
            // Route all session I/O through the database-backed callbacks below.
            session_set_save_handler('open_session', 'close_session', 'read_session', 'write_session', 'destroy_session', 'clean_session');
            session_start();
        }
    }

    // PHP 7.1+ ships a built-in session_gc(), so the callback needs its own
    // name to avoid a "cannot redeclare" fatal error; the hook name is unchanged.
    add_action('session_gc', 'my_session_gc');

    if (!wp_next_scheduled('session_gc')) {
        wp_schedule_event(time(), 'hourly', 'session_gc');
    }

    // Nothing to open or close: $wpdb already holds the connection.
    function open_session()
    {
        return true;
    }

    function close_session()
    {
        return true;
    }

    // Return the serialized session data for this ID, or '' if there is none.
    function read_session($sessionid)
    {
        global $wpdb;

        $session_table_name = $wpdb->prefix . "sessions";

        $query = $wpdb->prepare(
            "SELECT data FROM $session_table_name
            WHERE id = %s",
            $sessionid
        );

        $result = $wpdb->get_var($query);

        if ($result) {
            return $result;
        } else {
            return '';
        }
    }

    // Insert or overwrite the row for this session ID.
    function write_session($sessionid, $data)
    {
        global $wpdb;

        $session_table_name = $wpdb->prefix . "sessions";

        $rowsaffected = $wpdb->replace(
            $session_table_name,
            array(
                'id'   => $sessionid,
                'data' => $data
            ),
            array(
                '%s',
                '%s'
            )
        );

        return true;
    }

    // Delete the stored row and clear the in-memory session.
    function destroy_session($sessionid)
    {
        global $wpdb;

        $session_table_name = $wpdb->prefix . "sessions";

        $rowsaffected = $wpdb->delete($session_table_name, array('id' => $sessionid), array('%s'));

        $_SESSION = array();

        return true;
    }

    // PHP's own garbage collector: $expire is the session lifetime in seconds.
    function clean_session($expire)
    {
        global $wpdb;

        $session_table_name = $wpdb->prefix . "sessions";

        $wpdb->query(
            $wpdb->prepare(
                "DELETE FROM $session_table_name
                WHERE DATE_ADD(last_accessed, INTERVAL %d SECOND) < NOW()",
                $expire
            )
        );

        return true;
    }

    // Hourly WP-Cron cleanup: drop sessions not accessed in the last day.
    function my_session_gc()
    {
        global $wpdb;

        $session_table_name = $wpdb->prefix . "sessions";

        $query = "DELETE FROM $session_table_name WHERE last_accessed < date_sub(CURRENT_TIMESTAMP(), INTERVAL 1 DAY)";
        $wpdb->query($query);
    }

See http://www.stormyfrog.com/using-wpdb-outside-wordpress/ for tips on accessing the $wpdb class from outside WordPress. You could simply include wp-load.php; then I think you would get the session behaviour for free, as I'm pretty sure the init hook comes in after wp-load.php. The downside to that, of course, is that you put the overhead of loading WordPress into your own pages, which you may not want.
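The handlers in the answer above query a `{prefix}sessions` table that is never shown. The following is an added example, not part of the original answer, of one way to create it from a plugin: the column names `id`, `data` and `last_accessed` come from the answer's queries, while the column types, the index and the function name `my_create_session_table` are assumptions.

```php
<?php
// Added example: creates the table the session handlers read and write.
// Column names are taken from the answer's queries; types and sizes are
// assumptions chosen to fit PHP session IDs and serialized session data.

function my_create_session_table() {
    global $wpdb;

    $session_table_name = $wpdb->prefix . 'sessions';
    $charset_collate    = $wpdb->get_charset_collate();

    // dbDelta() is strict about layout: one column per line, two spaces
    // after PRIMARY KEY, and KEY rather than INDEX.
    //
    // - PRIMARY KEY on id is what lets $wpdb->replace() overwrite the
    //   existing row instead of piling up duplicates for one session.
    // - REPLACE deletes and re-inserts the row, so the DEFAULT on
    //   last_accessed is refreshed on every write_session() call.
    // - The index on last_accessed keeps both cleanup queries from
    //   scanning the whole table.
    $sql = "CREATE TABLE $session_table_name (
        id varchar(128) NOT NULL,
        data longtext NOT NULL,
        last_accessed timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
        PRIMARY KEY  (id),
        KEY last_accessed (last_accessed)
    ) $charset_collate;";

    require_once ABSPATH . 'wp-admin/includes/upgrade.php';
    dbDelta($sql);
}

// Run once when the plugin containing this file is activated.
register_activation_hook(__FILE__, 'my_create_session_table');
```

Because `last_accessed` only changes when a session is written, a session that is read but never modified still ages out under both cleanup queries.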
