WordPress Native PHP Sessions

WordPress core does not use PHP sessions, but sometimes they are required by your use-case, a plugin or theme. This plugin implements PHP's native session handlers, backed by the WordPress database. This allows plugins, themes, and custom code to safely use PHP $_SESSIONs in a distributed environment where PHP's default tempfile storage just won't work. Note that primary development is on GitHub if you would like to contribute: https://github.com/pantheon-systems/wp-native-php-sessions

1. Upload to the /wp-content/plugins/ directory
2. Activate the plugin through the 'Plugins' menu in WordPress

That's it!

1.2.3 (April 9th, 2021)

• Assigns the table name to a variable before using in query [#188].

1.2.2 (March 29th, 2021)

• Includes an auto-incrementing id column for replication support [#187].

1.2.1 (September 17th, 2020)

• Plugin textdomain needs to be the same as the WordPress.org slug [#169].

1.2.0 (May 18th, 2020)

• Avoids using cookies for sessions when WP-CLI is executing [#154].

1.1.0 (April 23rd, 2020)

• Avoids initializing PHP sessions when doing cron [#149].

1.0.0 (March 2nd, 2020)

• Plugin is stable.

0.9.0 (October 14th, 2019)

• Refactors session callback logic into Session_Handler abstraction, fixing PHP notice in PHP 7.3 [#135].

0.8.1 (August 19th, 2019)

• Fixes handling of 'X-Forwarded-For' header in get_client_ip_server() [#126].

0.8.0 (August 13th, 2019)

• Respects various HTTP_* sources for client IP address [#122].

0.7.0 (April 3rd, 2019)

• Adds a safety check that restores $wpdb when it's missing.

0.6.9 (May 15th, 2018)

• Ensures _pantheon_session_destroy() uses a return value.

0.6.8 (May 4th, 2018)

• Switches to E_USER_WARNING instead of E_WARNING when triggering errors.

0.6.7 (April 26th, 2018)

• Disables plugin load when WP_INSTALLING, because session table creation breaks installation process.

0.6.6 (March 8th, 2018)

• Restores session instantiation when WP-CLI is executing, because not doing so causes other problems.

0.6.5 (February 6th, 2018)

• Disables session instantiation when defined( 'WP_CLI' ) && WP_CLI because sessions don't work on CLI.

0.6.4 (October 10th, 2017)

• Triggers PHP error when plugin fails to write session to database.

0.6.3 (September 29th, 2017)

• Returns false when we entirely fail to generate a session.

0.6.2 (June 6th, 2017)

• Syncs session user id when a user logs in and logs out.

0.6.1 (May 25th, 2017)

• Bug fix: Prevents warning session_write_close() expects exactly 0 parameters, 1 given.

0.6.0 (November 23rd, 2016)

• Bug fix: Prevents PHP fatal error in session_write_close() by running on WordPress' shutdown action, before $wpdb destructs itself.
• Bug fix: Stores the actual user id in the sessions table, instead of (bool) $user_id.

0.5

• Compatibility with PHP 7.
• Adds pantheon_session_expiration filter to modify session expiration value.

0.4

• Adjustment to session_id() behavior for wider compatibility
• Using superglobal for REQUEST_TIME as opposed to time()

0.3

• Fixes issue related to WordPress plugin load order

0.1

• Initial release