Using sessions on Wordpress site - php

I have a client page using PHP which then goes to a Wordpress page. The session on the client page is remembered, but when I load a new page from Wordpress, the session is empty. Why does Wordpress not store my session data like my client page does?
This code is on the login page:
my_session_register('user_id');
$_SESSION['user_id']=$user_id;
header('Location: booking_user.php');
This code checks the session in Wordpress:
if (!my_session_is_registered('user_id')) {
header('Location: login.php');
}
I just don't know how to persist the session to Wordpress.

You forgot to add session_start(); that might be causing the problem.
If you are going to use $_SESSION, there must be a session_start() call.

You have to add session_start(); on every page where you use the session, or alternatively save it in a file and include that file every time.

Though I am answering the same as the other two answers, I will tell you why. Wordpress is stateless so by default you can not push data from page to page using $_SESSION. That is why you have to add session_start() on the Wordpress site. You may want to throw the session_start() into an init hook in Wordpress:
// You may just be able to write this
add_action( 'init', 'session_start' );
If the above doesn't work (I don't see why it wouldn't):
// You can add your own function as a wrapper
add_action( 'init', 'startCustomSession' );
function startCustomSession()
{
session_start();
}

Related

Can't get http_referer to stay in session

I have been searching for hours and can't find the answer to this one.
I am trying to add the referring URL to an email message (form sent by a visitor on the website) so I can know what website the visitor was referred from (part of ongoing analytics).
I am trying to set the SERVER["HTTP_REFERER"] into a session like so:
if(!isset($_SESSION["inbound"])) {
$_SESSION["inbound"] = $_SERVER["HTTP_REFERER"];
}
But the session keeps changing every time another page is loaded. I presumed putting the ! before isset would tell it that there is already a session and not to try adding it again.
I have also tried it this way (and a combination of other ways):
if(isset($_SESSION["inbound"])) {
// do nothing
} else {
$_SESSION["inbound"] = $_SERVER["HTTP_REFERER"];
}
I am doing this in WordPress, but I don't think that should be an issue. I have used sessions in WordPress many times before without any problems.
Any advice or help is greatly appreciated!
Thanks
Eoin
UPDATE: Have tried it like this:
function get_ref_session() {
if(!isset($_SESSION["inbound"])) {
$the_referer = $_SERVER["HTTP_REFERER"];
$_SESSION["inbound"] = $the_referer;
}
}
add_action( 'wp_head', 'get_ref_session' );
No joy this way either :(
Tried this in the plugin and in functions.php, no joy. (at the top)
function register_session(){
if( !session_id() )
session_start();
}
add_action('init','register_session');
Wordpress does not use PHP sessions by default. It directly sets cookies to manage its own sessions.
You need to include session_start(); before any header information is sent. Otherwise no session data will be saved.
How to use session in wordpress in plugin development
function register_session(){
if( !session_id() )
session_start();
}
add_action('init','register_session');
After a bit more digging, it turns out that it's the caching of the pages that is preventing the sessions from working properly.
When logged into WordPress, sessions work fine, but when logged out (which all the visitors will be) they don't work.
Think I'm gonna have to look into doing this with cookies instead.

PHP Session variable not always updating in Wordpress

I'm trying to pass the URL of a page to a session variable, so I can use it in a login plugin.
The login plugin only refers to the profile page, but it won't refer to the previous page the user was on. I've tried using wp_get_referer(); in the login plugin itself, but because the login form sends it to a different page, the previous page according to WordPress is the login page.
In order to do this, I first of all put the following in my functions.php:
add_action('init', 'myStartSession', 1);
function myStartSession() {
if(!session_id()) {
session_start();
}
}
In my header.php, I check if the user is on the login (profiel) page or not. If he isn't, the current URL should be placed in a session variable. If he is, the session variable shouldn't change. To do this, I use the following code, right below the start of <body>:
<?php
if (!is_page('profiel')) {
$_SESSION["refurl"] = $_SERVER['HTTP_REFERER'];
}
?>
However, this only seems to work sometimes. On the 'profiel' page, where the login form is, I added <?php echo 'session' .$_SESSION["refurl"]; ?> to check whether or not the previous URL has been saved to the session variable. The problem is that a lot of the time it refers to my home URL, instead of the page previously visited. What am I doing wrong?
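For the goal described in the question above (remember the page a visitor was on and return there after login), this added example, which is not part of the original post, stores the URL of the current request rather than the Referer header and validates it before it is used as a redirect target. The `myprefix_` function names are hypothetical, and it assumes WordPress is installed at the domain root and that the session is started by the `init` hook shown in the question.

```php
<?php
// functions.php: added example, not code from the original post.
// Hypothetical names: myprefix_remember_page, myprefix_return_url.

// template_redirect fires before any output, after the main query is set up,
// so is_page() works here and the session can still be written safely.
add_action('template_redirect', 'myprefix_remember_page');
function myprefix_remember_page() {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        return; // session not started (assumed to happen on the init hook)
    }
    if (is_admin() || is_page('profiel')) {
        return; // never overwrite the stored URL while on the login page
    }
    // The URL of *this* request. HTTP_REFERER describes the page before it,
    // is supplied by the browser, and is often missing or stripped.
    $current = home_url(wp_unslash($_SERVER['REQUEST_URI'])); // assumes root install
    $_SESSION['refurl'] = esc_url_raw($current);
}

// Returns a redirect target that is guaranteed to point at this site.
function myprefix_return_url() {
    $stored = isset($_SESSION['refurl']) ? $_SESSION['refurl'] : '';
    // wp_validate_redirect() falls back to the second argument unless the host
    // is this site (or listed through the allowed_redirect_hosts filter).
    return wp_validate_redirect($stored, home_url('/'));
}

// In the login handler, after the credentials have been verified:
//     wp_safe_redirect(myprefix_return_url());
//     exit;
```

Validating the stored value matters because anything derived from request headers or the request URI is user-controlled; redirecting to it unchecked would create an open redirect on the login flow.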

Passing a variable from one page to another in Wordpress

I was wondering if anyone could give me an idea of how to pass a variable to another page in Wordpress.
I need to be able to use the get_the_ID(); function to set a variable which can be accessed from any page.
Would I be able to store the variable in a session or would that be a security issue?
Am I completely on the wrong track? Because to be honest, I have no idea what I'm doing. Any help would go a long way.
Cheers
Using a session is not a security issue as long as you are not getting any user input (otherwise sanitize/encrypt your value).
Go ahead and use it like this:
<?php
$_SESSION['next-page-id'] = get_the_ID(); // once set
Now in your whole application you can access your session variable like this:
if ( isset( $_SESSION['next-page-id'] ) ) { // remember to check whether it is set
echo $_SESSION['next-page-id'];
}
Edited:
You don't have to use session_start() at the top of each page; instead you should add a function in the init hook.
Just paste this tiny piece of code into your functions.php file:
function session_initialize() {
if ( ! session_id() ) {
session_start();
}
}
add_action( 'init', 'session_initialize' );
Is it possible for a user to view session variables?
No, a user can't view your session at all if they don't have access to your files.
How does wordpress stop users from creating their own session variables?
Remember, WordPress does not use sessions anywhere in its application (only cookies). Users cannot create session variables. As said above, they would have to write code to your PHP file (or somehow inject code into your application if a plugin or theme is found vulnerable).

PHP Authenticate user for each page of website

I'm developing a website where, on most pages, the user needs to log in to view them. What is the best way to check if the user is logged in or not, and if not, redirect to the log-in page?
Currently I'm using the following code to do that.
if(!isset($_SESSION["username"])) //I set the session when user log in and destroy when user logout
header("location: login.php");
There are a lot of pages and I put this code in every page. It also works well.
I want to know: is there any other, better way to do this? Or is what I'm doing a good way, so that I don't need to change anything?
A simple solution is to create a file named session.php
and put your session-checking code into it. Like:
if(!isset($_SESSION['YOUR_VAR'])) {
header('Location: login.php');
exit; // stop here so the rest of the protected page does not run after the redirect
}
Include this file in all your pages, with include or require.
I prefer the require function. For example, in your home.php file at the beginning of the page write:
<?php
session_start(); //don't forget to do this
require('session.php');
?>
NOTE: In future, if you enhance your session checking code, you just have to change one file.
I usually just set a session like this once the user logs in:
$_SESSION['loggedIn'] = TRUE;
Then just check if TRUE or FALSE when needed.
ex:
if(!empty($_SESSION['loggedIn'])){ // empty() also covers a session where the key was never set
//Something here
} else{
//Don't do it
}
It depends on your architecture. If you are using a framework like Symfony, you don't need to handle this for each and every page. I guess you are using pure PHP without any framework support, so you need to check on your own whether the user is authenticated for each and every request. I suggest that, rather than placing the code segment related to logout in every page, you just place it in a global function and call it in every page. That way, if you want any simple change in that code segment, you can achieve it by changing only that global function.
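The single include file suggested in the answers above, written out as an added example (not code from any of the posts) that also hardens the session cookie, regenerates the session ID at login, and stops execution after the redirect. Function names and the `user_id` key are hypothetical; it assumes PHP 7.3 or later and an HTTPS-only site.

```php
<?php
// session.php: added example. Function names and the 'user_id' key are hypothetical.
// Requires PHP 7.3+ for the array form of session_set_cookie_params()/setcookie().

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;                               // already started in this request
    }
    ini_set('session.use_strict_mode', '1');  // refuse session IDs the server never issued
    session_set_cookie_params([
        'lifetime' => 0,                      // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,                   // assumption: the site is HTTPS-only
        'httponly' => true,                   // keep the ID out of reach of JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login_user(int $userId): void
{
    start_secure_session();
    session_regenerate_id(true);              // fresh ID at login defeats session fixation
    $_SESSION['user_id'] = $userId;
}

function require_login(string $loginUrl = 'login.php'): void
{
    start_secure_session();
    if (empty($_SESSION['user_id'])) {
        header('Location: ' . $loginUrl);
        exit;                                 // otherwise the protected page still runs
    }
}

function logout_user(): void
{
    start_secure_session();                   // a session must be open before it can be destroyed
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure'  => $p['secure'], 'httponly' => $p['httponly'], 'samesite' => $p['samesite'],
    ]);
    session_destroy();
}
```

A protected page then begins with `require 'session.php'; require_login();` before any output is sent.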

PHP session_start() function: Why I need it every time I use anything related to PHP sessions

For logging out a user from my website, I am redirecting the page to logout.php, where I am using the session_destroy() function. Even there, the logout functionality is not working without the session_start() function. By adding session_start() before session_destroy(), I am able to log out the user successfully.
Why do I need to use the session_start() function every time and in every page where I am doing something related to sessions?
session_destroy() destroys the active session. If you have not initialized the session, there will be nothing to be destroyed.
Why do I need to use the session_start() function every time and in every page where I am doing something related to sessions?
So PHP knows which session to destroy. session_start() looks whether a session cookie or ID is present. Only with that information can you destroy it.
In the default configuration, PHP Sessions operate off of the hard disk. PHP asks you to explicitly tell it when you need this support to avoid unnecessary disk IO.
session_start() also tells PHP to find out if the user's session exists.
session_start() creates a session or resumes the current one based on a session identifier passed via a GET or POST request, or passed via a cookie.
as per http://php.net/manual/en/function.session-start.php
Essentially, by calling session_start(), PHP reads the header and cross-references that session ID with what is on your system (file system/database/etc.), which can then populate the $_SESSION that is relevant to that specific user. This in turn allows you to call session_destroy(), because it knows which session to actually destroy.
Consider session_start() as your way of telling the PHP engine that you want to work with sessions.
And, as I understand it, always make that the very first line in a PHP page.
I was confused with the usage of session_start(); and every time I was using a session variable, I was calling session_start. Precisely, I had session_start(); more than once on each page (without even calling session_destroy()). For example,
// 1st call
session_start();
if (!isset($_SESSION['UserID']))
{
// Do something
}
else
{
// Do something else
}
// .... some other code
// 2nd call
session_start();
if (!isset($_SESSION['UserID']))
{
// Do something totally different
}
else
{
// Do something else totally different
}
This was creating a performance issue for me. So I ended up calling session_start(); just once at the very top of the page and everything seems to be working fine.
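You have to call session_start once (and only once) in every file you want sessions to work in.
A common approach allowing you to only call it once is to have a dispatcher file as your index.php; call session_start in here and have this page include others based on the URL's $_GET.
<?php
session_start();
// Accept only plain page names so the parameter cannot point outside pages/
$page = isset($_GET['page']) ? $_GET['page'] : '';
if (is_string($page) && preg_match('/^[A-Za-z0-9_-]+\z/', $page) && file_exists('pages/'.$page.'.php')) {
    include 'pages/'.$page.'.php'; // include the file that was checked, not the raw parameter
}
?>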
//www.mysite.com/index.php?page=fish will display /pages/fish.php with session access
