For three days I had nearly despaired when I tried to extend a WordPress site with a self-written login script. Everything worked properly on my local server, but as soon as I had uploaded it, the session variables didn’t seem to be passed any more: after the login, I stayed logged in for only one more click and then got logged out again.<\/p>\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n
After several unsuccessful Google searches (with the wisdom of hindsight it’s quite easy to google, but try and find something about this issue without reading any further than this) I found the reason at last, namely the function In short: If Well, for one thing, WordPress assumes that it’s meant to take care of the complete site – after all it is some kind of content management system. And that includes the administration of all variables as well.<\/p>\r\n\r\n What’s much more important though, is the fact, that the use of After having solved this riddle, the solution was perfectly obvious: I have to deactivate Further information on the subject can be found on php.net<\/a>:<\/p>\r\nwp_unregister_GLOBALS()<\/code> inside the file wp-settings.php<\/code>. Here it is:<\/p>\r\n\r\n\r\nfunction wp_unregister_GLOBALS() {\r\n if ( !ini_get('register_globals') )\r\n return;\r\n\r\n if ( isset($_REQUEST['GLOBALS']) )\r\n die('GLOBALS overwrite attempt detected');\r\n\r\n \/\/ Variables that shouldn't be unset\r\n $noUnset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES', 'table_prefix');\r\n\r\n $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());\r\n foreach ( $input as $k => $v )\r\n if ( !in_array($k, $noUnset) && isset($GLOBALS[$k]) ) {\r\n $GLOBALS[$k] = NULL;\r\n unset($GLOBALS[$k]);\r\n }\r\n}\r\n<\/pre>\r\n\r\nWhat does this function do?<\/h3>\r\n\r\n
\r\n\t
\r\nIf register_globals<\/code> is not activated in the PHP settings of the web server, it won’t do anything at all (which explains the different behaviours of my script on my local and the live server). If, however, register_globals<\/code> is active, it proceeds as follows:\r\n\t\t\r\n\t\t\t
\r\nAs the comment already says, all global variables listed here will not<\/em> be reset. As you can see, $_SESSION<\/code> is not<\/em> being mentioned!<\/li>\r\n\t\t\t
\r\nNow, all global variables are being shifted and deleted one by one.<\/li>\r\n\t\t<\/ul>\r\n\t<\/li>\r\n<\/ul>\r\n\r\nregister_globals<\/code> is activated, $_SESSION<\/code> will be deleted on every single<\/em> page view. No surprise that we can’t get at our session variables any more!<\/p>\r\n\r\nWhat’s it all about?<\/h3>\r\n\r\n
register_globals<\/code> has been deprecated for a long time and the feature will even be completely removed in PHP 6. Today, it is strongly recommended not to use these kind of variables, because they involve safety hazards. So, WordPress is obviously trying to imitate the behaviour of a deactivated register_globals<\/code> in order to ensure safety and avoid potential variable conflicts.<\/p>\r\n\r\nRemedy<\/h3>\r\n\r\n
register_globals<\/code> on the web server, so WordPress wouldn’t even need to execute that stupid function. For this purpose, simply place a text file called php.ini<\/code> inside your WordPress directory, containing the following line:<\/p>\r\n\r\nregister_globals Off<\/pre>\r\n\r\n
\r\n\t