$_SESSION variables lost during OAuth callback

With my version of wordpress there is NO session. So when I call $_SESSION['callback_state']=stuff it’ll gladly save it to a temporary stack local variable instead of with the actual session.

So before you redirect do:

if (!session_id()) {session_start();}
//then the normal redirect
header("location: $newUrl");
exit(0);