PHP session always started, even when not needed

  • WP Cassify seems to eagerly start a PHP session without first making sure it has a reason to do so. This can introduce multi-request blocking behavior, and can load up a server with sessions for no good reason, both of which reduce scalability. Page caching plugins may help alleviate this, but using them shouldn’t be required to work around this behavior.

    Please update the plugin so that a PHP session is not started unless required. A simple way to avoid starting a session is to first check if the session cookie exists, e.g. isset($_COOKIE[session_name()])

    Another option is to eliminate dependency on native PHP sessions entirely. One way is to store tokens/data in the database and directly manage the cookie, akin to WP. Another way is to reduce the scope of the plugin down to only what is needed for CAS auth & user mapping, and let WP handle the rest. This would help make things less awkward in load-balanced installations.

Viewing 1 replies (of 1 total)

  • For us, the problem is that because WP Cassify sets that PHP Session cookie on every single page for every single visitor, that busts the cache for every page, so we are getting zero percent cache hit rate in Pantheon.

    https://pantheon.io/docs/cookies#cache-busting-cookies

    We have worked around it being a PHP Session cookie (not supported on Pantheon) by using the WP Native PHP Sessions plugin, but that just changes how the cookie is stored, we still have the problem of it being on every page.

    I had hoped that turning off Gateway Mode (auto login) in WP Cassify would limit the session cookies to just certain pages, but no.

    I would welcome any of the options mentioned by @kkatpcc

Viewing 1 replies (of 1 total)
  • The topic ‘PHP session always started, even when not needed’ is closed to new replies.