session_start() leads to warning in the health check

  • Anonymous User 17880307

    (@anonymized-17880307)


    3 years, 7 months ago

    It seems there is an issue with session_start() in your code.

    Especially when you are logged into the backend and open the health check section it warns that there was another session started.

    add_action('init', 'myStartSession', 1);
add_action('wp_logout', 'myEndSession');
add_action('wp_login', 'myEndSession');

function myStartSession() {
    if(!session_id()) {
        session_start();
    }
}

function myEndSession() {
    session_destroy ();
}

    I have multiple questions:
    * did you want to create a session if the current user / visitor is not logged in?
    * why not use is_user_logged_in()?
    why do you destroy the session directly after the login (wp_login)? that makes not much sense (you can use / reuse the current session)
    * WordPress itself already creates and destroys a session upon login and logout

    I think this code has to be changed:

    function myStartSession() {
    if(!session_id()) {
        session_start();
    }
}

    And these can be probably removed (at least they should not affect normal admin users):

    add_action('wp_logout', 'myEndSession');
add_action('wp_login', 'myEndSession');

    !session_id() may not work here and there might be race conditions with WordPress and its APIs.

    See also the check at https://github.com/WordPress/WordPress/blob/893546741042a4321d7d1770370d9d9a0e295405/wp-admin/includes/class-wp-site-health.php#L1135-L1149

    • This topic was modified 3 years, 7 months ago by Anonymous User 17880307.
    • This topic was modified 3 years, 7 months ago by Anonymous User 17880307.
  • The topic ‘session_start() leads to warning in the health check’ is closed to new replies.