$_SESSION variables lost during OAuth callback
With my version of wordpress there is NO session. So when I call $_SESSION[‘callback_state’]=stuff it’ll gladly save it to a temporary stack local variable instead of with the actual session. So before you redirect do: if (!session_id()) {session_start();} //then the normal redirect header(“location: $newUrl”); exit(0);