I have been searching for hours and cant find the answer to this one.
I am trying to add the referring url to an email message (form sent by visitor on the website) so I can know what website the visitor was referred from. (part of ongoing analytic).
I am trying to set the SERVER["HTTP_REFERER"] into a session like so..
if(!isset($_SESSION["inbound"])) {
$_SESSION["inbound"] = $_SERVER["HTTP_REFERER"];
}
but the session keeps changing every time another page is loaded. I presumed putting the ! before isset would tell it that there is already a session and not to try adding it again.
I have also tried it this way (and a combinations of other ways):
if(isset($_SESSION["inbound"])) {
// do nothing
} else {
$_SESSION["inbound"] = $_SERVER["HTTP_REFERER"];
}
I am doing this in WordPress, but I dont think that should be an issue. I have used sessions in Wordpress many times before without any problems.
Any advice or help is greatly appreciated!
Thanks
Eoin
UPDATE: Have tried it like this:
function get_ref_session() {
if(!isset($_SESSION["inbound"])) {
$the_referer = $_SERVER["HTTP_REFERER"];
$_SESSION["inbound"] = $the_referer;
}
}
add_action( 'wp_head', 'get_ref_session' );
No joy this way either :(
Tried this in the plugin and in functions.php, no joy. (at the top)
function register_session(){
if( !session_id() )
session_start();
}
add_action('init','register_session');
Wordpress does not use PHP sessions by default. It directly sets cookies to manage its own sessions.
You need to include session_start(); before any header information is sent. Otherwise no session data will be saved.
How to use session in wordpress in plugin development
function register_session(){
if( !session_id() )
session_start();
}
add_action('init','register_session');
After a big more digging, turns out that its caching of the pages that are preventing the sessions from working properly..
When logged into wordpress sessions work fine, but when logged out (which all the visitors will be) they don't work.
Think im gonna have to look into doing this with cookies instead.
Related
I have a page, login.php, that processes a username and password and if successful it sets session variables and then redirects the user to home.php. The relevant part of login.php is here:
if ($pwdHash == $storedpass) {
$success = true;
$sessionStatus = session_status();
if ($sessionStatus !== PHP_SESSION_ACTIVE) {
session_start();
}
$_SESSION['user_id'] = $user;
$_SESSION['logged_in'] = true;
session_write_close();
header('Location: http://www.examplesite.com/home.php');
header("HTTP/1.1 303 See Other");
die("redirecting");
}
Then home.php tries to collect the session variable
$sessionStatus = session_status();
if ($sessionStatus !== PHP_SESSION_ACTIVE) {
session_start();
}
$loggedIn = $_SESSION['logged_in'];
The problem is that on the first login attempt, $_SESSION['logged_in'] is undefined and generates an error, even though login.php was successful.
Notice: Undefined index: logged_in
A var_dump of $_SESSION returns an empty array, but sessionStatus reports that the session was already started, it did not have to execute session_start.
This forces the user to log in a second time, then everything is fine. So is the redirect just happening too fast for the session variable to get set? Should I put a delay in the redirect? (and how would I do that?) Or is this something else that I'm doing wrong?
EDIT: I've checked with my host based on an answer to a similar question and confirmed that a session would never be served by more than one server and there is no need to enable sticky sessions or anything like that. I've also updated the code above based an answer offered below and some other research but the error persists.
The session is probably automatically saved when the script ends. You redirect before the script ends.
How long your script takes to really end depends very much on what other code needs to wind down. It is better to explicitly save the session.
How to do this depends on what kind of sessions you use. One type can be closed like this:
http://php.net/manual/en/function.session-write-close.php
If that's the one you're using do this:
if ($pwdHash == $storedpass) {
$success = true;
$_SESSION['user_id'] = $user;
$_SESSION['logged_in'] = true;
session_write_close();
header('Location: http://www.examplesite.com/home.php');
header("HTTP/1.1 303 See Other");
die("redirecting");
}
And the session should be available to the next page when you redirect.
If your sessions work differently, you have to adapt the code, of course. The point I'm trying to make is: Never put a delay in your code. It's unreliable, and pointless. Simply save the session before you redirect.
I have experienced the same issue while writing the session content to the database.
To make it work I have added the sleep() function before setting the session variable, just like below.
sleep(2);
$_SESSION['GUID'] = uniqid(time().rand());
It resolves the issue for me.
We have observed this issue when the page hits are frequent but if one or two users are accessing the page it works as expected.
I have encountered this same issue with a login page but none of the suggestions work for me. The only thing I've found that does work is redirecting the page to itself after 1 second and then checking the session variables to see if the login was successful...
startSession(); // assigns all the login session variables, etc.
header('Refresh: 1; URL=/[THIS_PAGE].php'); // [THIS_PAGE] = the current login page
However, this is a very inelegant solution and I don't like using it. But it "works".
This problem persists. In my case, the user login goes without a problem to the protected homepage, but clicking on a menu link causes the user to be dumped back to the login page to login again. A check on certain Session values (required for both pages) shows these are not set on going to the specific menu link (while other menu links cause no problem). The code requiring a session value is the same in all cases. Not all users experience the problem. Seems that those with less robust connections to the internet always experience this problem. Others, never.
I have a client page using PHP which then goes to a Wordpress page. The session on the client page is remembered, but when I load a new page from Wordpress, the session is empty. Why does Wordpress not store my session data like my client page does?
This code is on the login page:
my_session_register('user_id');
$_SESSION['user_id']=$user_id;
header('Location: booking_user.php');
This code checks the session in Wordpress:
if (!my_session_is_registered('user_id')) {
header('Location: login.php');
}
I just don't know how to persist the session to Wordpress.
You forgot to add session_start() that might cause problem.
If you are going to use $_SESSION there must be session_start()
Learn more about it: Here
You have to add session_start(); on every page u use session or alternatively save it in a file and include it everytime.
Though I am answering the same as the other two answers, I will tell you why. Wordpress is stateless so by default you can not push data from page to page using $_SESSION. That is why you have to add session_start() on the Wordpress site. You may want to throw the session_start() into an init hook in Wordpress:
// You may just be able to write this
add_action( 'init', 'session_start' );
If the above doesn't work (I don't see why it wouldn't):
// You can add your own function as a wrapper
add_action( 'init', 'startCustomSession' );
function startCustomSession()
{
session_start();
}
I was wondering if anyone could give me an idea of how to pass a variable to another page in Wordpress.
I need to be able to use the get_the_ID(); function to set a variable which can be accessed from any page.
Would I be able to store the variable in a session or would that be a security issue?
Am I completely on the wrong track because to be honest, I have no idea what I'm doing.Any help would go a long way.
Cheers
Using session is not a security issue as long as you not getting any user input (otherwise sanitize/encrypt your value).
Go ahead and use it like this
<?php
$_SESSION['next-page-id'] = get_the_ID(); // once set
Now in your whole application you can access your session variable like this:
if ( isset( $_SESSION['next-page-id'] ) ) { // remember to check if it set or not
echo $_SESSION['next-page-id'];
}
Edited:
You don't have to use session_start() on top of each page instead you should add a function in init hook.
Just paste this tiny code to your functions.php file
function session_initialize() {
if ( ! session_id() ) {
session_start();
}
}
add_action( 'init', 'session_initialize' );
Is it possible for a user to view session variables?
No, a user can't able to view your session at all. If they don't have access to your files.
How does wordpress stop users from creating their own session variables?
Remember Wordpress not use session in its whole application (Only Cookies). Users cannot create session variables. As said above they have to write code to your php file (or somehow they inject code to your application if any plugin or theme found vulnerable).
I've been thinking about this for a while and I was wondering if anyone would be able to help me figure this out. I have a website, www.domain.com/page that I'm working on. The page also has the ability of having page;var=whatever at the end.I'm trying to limit how many $_POST/$_REQUEST variables I need. Is there any way to keep a session variable active only while I'm on /page so that if a user goes to /page;var=whatever the session variable is still around but not if they go to /anotherPage? Thanks!
An easy solution would be this:
session_start();
$uri = parse_url($_SERVER['REQUEST_URI']);
if (isset($_SESSION['page']) && $_SESSION['page'] != $uri['path']) {
// We went to a new page
unset($_SESSION['var']);
}
// Remember our current page.
$_SESSION['page'] = $uri['path'];
I've looked around on the internet, including stack overflow, for a few days trying to resolve my issue with PHP sessions. For one, I've noticed that most of the tutorials simply say "Here's the code, go use it." and not so much "This is how it works." Additionally, all of the issues/answers I find seem to be about information being lost on refresh or after switching pages and none of these apply to me.
The data in $_SESSION is being stored/loaded no matter which page I view. My issue is, when I view the session files on the server, there is no data in them. Additionally, when I destroy a session or unset the variables the information is still stored and the next time $_SESSION is accessed the old information is retrieved.
To troubleshoot the behavior of sessions on my server I created an extremely simple script:
<?php
// Use $HTTP_SESSION_VARS with PHP 4.0.6 or less
if (!isset($_SESSION['count'])) {
$_SESSION['count'] = 0;
} else {
$_SESSION['count']++;
}
echo $_SESSION['count'];
?>
This is ALL of the code on the page (viewable here: ). Every time this page is refreshed a new, blank, session file is saved into the specified directory on the server and the counter does not increase.
More information:
For information regarding php install:
Hosted on GoDaddy Shared Hosting - Linux OS
I will update the permissions on the phpsessions directory to be temporarily browseable shortly. ()
You need to call session_start() before you try to use the session.
You have to start your session using session_start()
Not only once in every page you use sessions make sure to have session_start()
Like this:
<?php
session_start();
// Use $HTTP_SESSION_VARS with PHP 4.0.6 or less
if (!isset($_SESSION['count'])) {
$_SESSION['count'] = 0;
} else {
$_SESSION['count']++;
}
echo $_SESSION['count'];
?>
UPDATE:
I haven't been to stack overflow in a while and decided to look back at this question because it was 1 of the only 2 I asked. I'd like to mention that the issue was that the php session name was changed and needed to be changed back to the default.