My problem - when a user logged into my website and then went to my "blog" area (which did not require any logging in) Wordpress would removed all the sessions I had set.
Why did it do this?
If we open wp-settings.php the first few lines of code completely remove all session information (as well as other).
CODE:
-
function wp_unregister_GLOBALS() {
-
if ( !ini_get('register_globals') )
-
return;
-
-
if ( isset($_REQUEST['GLOBALS']) )
-
die('GLOBALS overwrite attempt detected');
-
-
// Variables that shouldn't be unset
-
$noUnset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES', 'table_prefix');
-
-
$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
-
foreach ( $input as $k => $v )
-
if ( !in_array($k, $noUnset) && isset($GLOBALS[$k]) ) {
-
$GLOBALS[$k] = NULL;
-
unset($GLOBALS[$k]);
-
}
-
}
To fix this issue I did the following:
CODE:
-
function wp_unregister_GLOBALS() {
-
if ( !ini_get('register_globals') )
-
return;
-
-
if ( isset($_REQUEST['GLOBALS']) )
-
die('GLOBALS overwrite attempt detected');
-
-
// Variables that shouldn't be unset
-
$noUnset = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES', 'table_prefix','_SESSION');
-
-
$input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES);
-
foreach ( $input as $k => $v )
-
if ( !in_array($k, $noUnset) && isset($GLOBALS[$k]) ) {
-
$GLOBALS[$k] = NULL;
-
unset($GLOBALS[$k]);
-
}
-
}