Wordpress session management

I'm putting up a site using Wordpress and I'd like to piggyback on its sessions. But I'm not finding any plugins, or even documentation. Any suggestions or references before I start hacking it?

Note: I'm asking about if and how WP uses standard PHP sessions itself, not how to add PHP sessions e.g. using session_start(). Apparently any state WP maintains is accomplished by other means. So if I want to use PHP sessions I need to add and maintain it myself entirely, using techniques like those in the thread.

Thanks all!

Answers


WordPress doesn't appear to call session_start() because it wants to be stateless and if register_globals is defined, it automatically destroys your $_SESSION


It's a very bad idea to modify WP Core files for the ability to use sessions. The best way I've found is to call the session_start() from init action hook.

function kana_init_session() {
  session_start();
}

add_action('init', 'kana_init_session', 1);

You can place it in functions.php file of your theme.

Detailed article can be found here: http://www.kanasolution.com/2011/01/session-variable-in-wordpress/


Consider using WordPress Transient API

Values stored using the Transient API are visible to all users, not just the current user, depending on the unique identifier used to retrieve the transient, you could assign each user a unique identifier essentially causing a transient to behave very much like a session.

Further considerations:


For what I need to do, the best answer involves:

  1. To allow the cookie for wordpress to persist across subdomains, install the Root Cookie plugin.
  2. sub1.domain.com has wordpress; sub2.domain.com is another site. From the other site (sub2), I read the cookies to identify who the user is and if the user is logged in.

My cookies are as follows:

[wordpress_909bb230b32f5f0473202684d863b2e0] => mshaffer|1255298821|d0249fced9c323835c5bf7e84ad3ffea
[wordpress_logged_in_909bb230b32f5f0473202684d863b2e0] => mshaffer|1255298821|56e9c19541ecb596a1fa0995da935700

Using PHP, I can loop over the cookies, parse the key=>value pairs. These cookies let me know that [mshaffer] has a cookie stored on wordpress, and also is authenticated as logged_in. The expiry of the cookie is 1255298821.

In sub2, I can query the database of wordpress and grab the user info:

SELECT * FROM `wp_users` WHERE user_login = 'mshaffer' ... grab user_id, user_email from this query

SELECT * FROM `wp_usermeta` WHERE user_id = '$user_id' ... grab lots of other data from wp

With this info, I can add to my sub2 session variable / cookie and do what I want with the data. I can identify if I am logged in, and my username ... which let's me grab lots of different data. I can now use WordPress authentication in my sub2.domain.com and redirect accordingly.

monte

{x:


Wordpress doesn't seem to use any sessions.

The best way to go about it is to use the action hooks it provides.


Have you checked the solution here this may work for here and its on easy way

http://thedigilife.com/wordpress-how-to-set-session-custom-variable-while-login/


Hooking a function with session_start() on wp_loaded seems to work in this case.


Put this code in wp-config.php at first line:

if (!session_id()) {
    session_start();
}

Put this code in theme's header.php at first line:

session_start();

Then it will maintain all session variables.


If you wanna use your own session values, Wordpress does support it. You need to add following lines at the top of wp-config.php

if (!session_id()) {
    session_start();
}

Then add following line at the top of header.php

session_start();

Need Your Help

Best way to create preview functionality in Rails

ruby-on-rails forms views preview

I'm looking to implement preview functionality in my posts scaffold. All I need to do is allow a user to enter information in the new view (/posts/new) and then replace the submit button with a pre...

Proper way to asynchronously send an email in ASP.NET... (am i doing it right?)

c# asp.net email asynchronous

When a user registers on my website, I don't see why I need to make him "wait" for the smtp to go through so that he gets an activation email.