Session Variables Set Twice? Crazy behavior!

Update:

It turns out that something in my stylesheet is causing the problem.

If I remove it, it works again. Weird!

I am running into $_Session[] not keeping data per user. Two questions:

1- how do you enable sessions in wordpress? I googled and got adding session_start() into wp-settings.php

2- what was it in your css file that caused this problem?

My sessios[] are acting more like Globals, they keep the data as long its one user, but when its multiple users on the site, the data is all confused and one user data shows up for the other etc.

any help is appreciated

@a.dysl

I started the session by calling session_start() in header.php but wp-settings.php would be fine. Just as long as it’s called before you set / get your session variable. If you place it in wp-settings.php, it will be applied of your themes.

It turns out that my CSS was using an @import clause to a bad location. I read online of someone else having an experience with session variables in wordpress caused by a bad ‘favicon’ link in the header. I started taking the code apart, line by line, and found that I was able to stop the double submit by removing my stylesheet include statement.

I conclude that the problem is called when you reference a bad file with an include or style declaration.

For example, if you were to reference a file incorrectly:
<link rel="stylesheet" href="<?php bloginfo('url');?>/badfile.css" type="text/css" media="screen" />
instead of
<link rel="stylesheet" href="<?php bloginfo('stylesheet_url');?>/style.css" type="text/css" media="screen" />

the browser would try to open https://www.domain.com/wp-content/your-theme/badfile.css which doesn’t exist. What would happen instead is that it would hit the 404 page, which in turn calls the header (where I am setting my session variable).

By including or referencing a bad HTML location I was hitting the 404 page and setting my session variable twice. Once for the page I’m loading, and then again for the 404 page (caused by mistyping my stylesheet path).

well, i wish i can find out whats wrong with my css, because so far I dont, and my sessions are not working.

do you have an email I can reach you?

Put this at the top of your header.php and paste the output in a comment:

<?php
echo "Register Globals: ".ini_get('register_globals')."<br/>";
session_start();
$_SESSION['test'] = 'foobar';
print_r($_SESSION);
?>

it printed out all session content, most of it confidential information i cant paste it on this public blog. but whats interesting it is all for the other current logged in user, not my user info. this is somehow my problem, the session variables are keeping one user at a time, it doesnt keep the session information per user. its acting more like global variables not user session information.

[msg_text] => [msg_type] => [test] => foobar )

I understand what you are saying.

The output shows that your session is starting correctly.

Session variables are usually set for each browser. If you logout a user you will need to destroy the session with session_destroy). I would use a filter on the logout hook to do this.

Try it with two browsers, ie. firefox for one user, and chrome for a 2nd user. It should show the variables different for two different users.

i am doing that, i am using safari for one user, and firefox for another, they are both showing the same information for one of the user, typically the latests one that updated the session variables.

my code that is using the session variables is php legacy code that is invoked from a link in one of the wordpress pages. this code is suppose to execute and use the “currently logged in” user specific information. however, what i am seeing is this code executes just fine if there is only one user executing this external code (php). but if two users logon to the site, run the same external code, then the session variables are scrambled and typically the last user running the function is the one that his data is used for both users. it doesnt look like the session is linked to the right user. this is weird, as if there is no user specific session information, the session information is persistent correctly, however, its 1 copy only used for all users.

i am starting to think about cookies, it doesnt look like cookies are set properly for each user? I learned that cookies are set everytime a session_start() is called or a session is started, the cookie typically has the session specific id and is unique to the user. I dont think that is happening here. it looks like the server is using the last stored session information for all current logged in users.

can this be resolved with cookies maybe?

guess what, i just did session_destroy() for user1 who just finished executing this legacy php code. user 2 who was in the middle of executing the same code got his session destroyed as well!!

it looks like there is only 1 session at a time, it doesnt matter how many users are logged in and executing that code. how can that be?

SOLVED!

what a nightmare. I ended up using
session_start();
session_regenerate_id();
in two specific locations. One in wp-login.php on top of the file. and the second one is right before my php legacy code starts. I believe it was the cookies being not set properly all along. Users sessions were being stepped over as the cookies were not connecting properly to the session at the server. Using regenerate id reenforces the process of setting the cookie and tie it to the right session.

thanks for the tip stevenkword, printing from header.php is a life saver.

@a.dysl

That is great news! I know how frustrating code can be when you just can’t figure out WHY something is not working like you think it should.

I wish I could have provided more help there at the end, but I’m glad I was able to offer SOME assistance.

It looks like we both learned something new this week. Cheers to that!

just also configured that QuickCache plugin was contributing to the problem by cashing the SESSION ID. Once quick cache was disabled, things worked fine.