For three days I had nearly despaired when I tried to extend a WordPress site with a self-written login script. Everything worked properly on my local server, but as soon as I had uploaded it, the session variables didn’t seem to be passed any more: after the login, I stayed logged in for only one more click and then got logged out again.
After several unsuccessful Google searches (with the wisdom of hindsight it’s quite easy to google, but try and find something about this issue without reading any further than this) I found the reason at last, namely the function wp_unregister_GLOBALS()
inside the file wp-settings.php
. Here it is:
function wp_unregister_GLOBALS() {
if ( !ini_get('register_globals') )
return;
if ( isset($_REQUEST['GLOBALS']) )
die('GLOBALS overwrite attempt detected');
// Variables that shouldn't be unset
$noUnset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES', 'table_prefix');
$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
foreach ( $input as $k => $v )
if ( !in_array($k, $noUnset) && isset($GLOBALS[$k]) ) {
$GLOBALS[$k] = NULL;
unset($GLOBALS[$k]);
}
}
What does this function do?
- Line 27/28:
Ifregister_globals
is not activated in the PHP settings of the web server, it won’t do anything at all (which explains the different behaviours of my script on my local and the live server). If, however,register_globals
is active, it proceeds as follows:- Line 34:
As the comment already says, all global variables listed here will not be reset. As you can see,$_SESSION
is not being mentioned! - Line 36-41:
Now, all global variables are being shifted and deleted one by one.
- Line 34:
In short: If register_globals
is activated, $_SESSION
will be deleted on every single page view. No surprise that we can’t get at our session variables any more!
What’s it all about?
Well, for one thing, WordPress assumes that it’s meant to take care of the complete site – after all it is some kind of content management system. And that includes the administration of all variables as well.
What’s much more important though, is the fact, that the use of register_globals
has been deprecated for a long time and the feature will even be completely removed in PHP 6. Today, it is strongly recommended not to use these kind of variables, because they involve safety hazards. So, WordPress is obviously trying to imitate the behaviour of a deactivated register_globals
in order to ensure safety and avoid potential variable conflicts.
Remedy
After having solved this riddle, the solution was perfectly obvious: I have to deactivate register_globals
on the web server, so WordPress wouldn’t even need to execute that stupid function. For this purpose, simply place a text file called php.ini
inside your WordPress directory, containing the following line:
register_globals Off
Further information on the subject can be found on php.net:
73 responses to “Session variables in WordPress”
Yes.
script that i posted is login.php in project,
so it’s does not mean to add session_start() in index.php
when i add session_start() in wp_load.php or login.php , then it give me that warning.
There must be some kind of output before the
session_start()
then. You have to make sure that absolutely nothing is echoed beforesession_start()
. No plain HTML either.Hi,
i had sloved problem.
Problem is that we are checkin and checkout files
using vss.so i think my script is corrupted.so it have at top of script.so why it give me “header already sent” error,so at last we find it.
Thanks for your support,
one more think do u know how can i able to display validation error in my script like in wp-login.php
Thanks again
Hmm, I have never done something like that. :)
Maybe you can simply set a variable, for example
$error_msg
, and then put something like this in your template:ok
Have u ever used “register plus” plugin for add extra field in user registration?
if yes then do u use multi language functionlity in it?
No, sorry, I don’t know that plugin.
Hi Ginchen,
I Got new Project in wordpress… i have to dispaly Product Category in front side..
Do u have any plugin and Module for adding/editing Product Category in admin side
please reply ASAP
Sorry, but there are currently 5,822 WordPress plugins, and I don’t know every single one of them. ;)
Also, I don’t understand what you mean by “product category” – there are no “products” in WordPress?!?
The only advice I can give is: Go to http://wordpress.org/extend/plugins/ and enter a good search term. ;)
Hi, i am using wp-e-commerce plugin… when we activate it,it create product page in wordpress admin.in content of that page it write like this [productspage].
so what does this mean?
THANK YOU THANK YOU!
I had the exact same problem, and you described it and solved it beautifully.
Just a small comment — I had to place the php.ini inside the exact folder which contained the files I was executing; it’s not good enough just to place it in the root WordPress folder as it will not affect subfolders, at least in my case.