An Active PHP Session was detected

  • Hi,

    When i update the WordPress, site health showing the below message.

    An Active PHP Session was detected
    A PHP session was created by a session_start() function call. This interferes with REST API and loopback requests. The session should be closed by session_write_close() before making any HTTP requests.

    Below is my code
    function.php

    add_action('init', 'start_session', 1);
function start_session() {
    if(!session_id()) {
       session_start();
    }
}

    and we user session variables across the different pages.

    I tried below solutions.
    1. Deactivating all plugins one by one, but it doesn’t solve the issue
    2. session_start([‘read_and_close’ => true]);
    – It clears the session error in site health. But the session variable is not set, session closed immediately when it starts.

    Kindly check, and give me the exact solution. Please.

    Thank you.

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator bcworkz

    (@bcworkz)

    You need to move any useful data from session vars into local scope vars, then close the session before allowing or making API requests. Once there will be no more API requests, you can start another session and move data back from the local vars.

    Ideally, it’s best to avoid sessions in the WP environment. If possible, use other methods of maintaining user data. For example, transients or cookies or URL query strings.

    Thread Starter hemasusi

    (@hemasusi)

    Hi,

    Okay, but i can’t change it to cookies or any other type, because session used in many places, can’t do modification in all of it.

    And i tried to close the session before API post method, but the error in sitehealth still appears.

    Thread Starter hemasusi

    (@hemasusi)

    Can we keep that error in site health ? how long ?

    Moderator bcworkz

    (@bcworkz)

    The session happens to be open when you check site health. If you’re sure it’s not open when any other API requests are made (they may happen more often than you realize), then there’s no need for concern and the warning can be ignored.

    Dion

    (@diondesigns)

    Site Health contains subjective recommendations — no more, no less. If you understand the ramifications, then ignore the ones with which you don’t agree. For example, I have all automatic updates disabled, and Site Health displayed all sorts of “they sky is falling!!!” errors. I also don’t have certain PHP extensions enabled (fileinfo and imagick) that Site Health says I should have have enabled. Well…fileinfo (technically libmagic) is buggy and consumes A LOT of memory, and imagick is a CPU pig under most circumstances. So I’m happy letting WP guess MIME types internally, and since my server has the available memory to make it work well, I’m happy letting GD manage images.

    Eventually I decided to write a plugin to completely disable Site Health, because for my (and my clients) purposes, it does more harm than good. (The plugin also blocks WP’s access to “browse happy” and “serve happy” for good measure. ?? )

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘An Active PHP Session was detected’ is closed to new replies.