Sessions?

  • Hello,

    I was wondering how does WordPress deal with sessions? I want to have a plugin that will allow my viewers to register and log in to view certain content and I have been testing some functionality and it seems to work fine, but I am not sure if there isn’t anything “bad” going underneath.

    If I create a session in the header of my theme (via a plugin hook) I get no errors and all my session variables seem to be accessible fine. If I try to start a session in a footer, I get the following error:

    Warning: session_start() [function.session-start]: Cannot send session cache limiter – headers already sent (output started at C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\wordpress\wp-includes\l10n.php:36) in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\wordpress\wp-content\themes\test\index.php on line 28

    On the other hand, if I don’t start a session myself, whatever session vars I set are unset by the next page load.

    Hence I am confused about how WordPress deals with sessions and since they are a fundamental part of my sytem (that I simply cannot risk having any voulnerabilities) I would appreciate some guidance on this topic.

    Cheers!

Viewing 5 replies - 1 through 5 (of 5 total)

  • “If I try to start a session in a footer”

    Huh? Does that make sense? HTTP/HTML is doing just what it should. It’s pull from the html client and you can’t push from the server that which was not asked for.

    Thread Starter Koobazaur

    (@koobazaur)

    What I meant was, which hook I use to call my session_start(); either wp_header or wp_footer.

    Thread Starter Koobazaur

    (@koobazaur)

    So, apparently, WordPress doesn’t do anything with sessions. I’ve been putting a session_id(); code almost everywhere in the rendering stage (my theme) and it’s always null. That and I never see any PHPSESSIONID cookies in my browser either. This leads me to a belief that I can implement my own Session framework without having to worry about WordPress interfering with it. w00t!

    I don’t think I want to know why this is important Unless your trying to move state between say wordpress and something else. Good luck and think thrice.

    Thread Starter Koobazaur

    (@koobazaur)

    I need to build my own user infrastructure, so being able to implement sessions my way without having to worry about WordPress erasing my data at some point in time for some random reason is really helpful.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Sessions?’ is closed to new replies.