The only way to make this go away is to not use PHP sessions and use cookies directly instead. PHP sessions are fundamentally incompatible with a lot of page caching and CDN mechanisms e.g. cloudflare, Varnish, or full page caching plugins such as batcache or WP Supercache. PHP Sessions are also turned off and disabled … Read more
WordPress doesn’t use sessions at all so it isn’t going to help you “control your sessions”. You would have to incorporate the code yourself. SSI? Server Side Includes? WordPress also doesn’t use Server Side Includes, and neither should you. They technology is ancient, bug prone — also known as susceptible to being hacked — and … Read more
The problem was that my *_KEY tokens were being generated each time Kubernetes was creating a new instance, as @Rup and @Tom-J-Nowel rightly pointed. Because my docker image evolved from having an wp-config.php template included to having it generated by the official wordpress docker image I was struggling to see this was a variable. After … Read more
The definitive solution with session is.. do not use session. As example in your form, you can output 3 fields: an image field -> the captcha image a text field -> to allow users to insert the characters an hidden field -> contain the solution but encripted using wp_create_nonce In this way when the form … Read more
To use WordPress as Authenticator, you can use the function wp_signon(). So take the post-data from the codeignider and send it to wp_signon()
You can do this in your init or config file. ini_set(‘session.cookie_domain’, substr($_SERVER[‘SERVER_NAME’], strpos($_SERVER[‘SERVER_NAME’],”.”), 100)); Whenever PHP sets the ‘PHPSESSID’ cookie, the cookie will be available to all over the site including Blog.
How WordPress stores cookies (client-side, as @birgire stated): https://codex.wordpress.org/WordPress_Cookies I doubt this will ever work from a separate subdomain as the cookie domain is usually fully-qualified to the WordPress siteurl (someone feel free to correct me.) If you were doing it with another app on the same domain, you’d need to make use of the … Read more
The reason for not working $_SESSIONS in WP Core: The thing WordPress is doing with sessions is burdened inside ~/wp-includes/load.php. The responsible function for resetting the $_SESSION to null is wp_unregister_GLOBALS(). So in case you really need it, you’ll have to turn register_globals off in your php.ini file. /** * Turn register globals off. * … Read more
OK, simple solution after digging in the WordPress code. // get all sessions for user with ID $user_id $sessions = WP_Session_Tokens::get_instance($user_id); // we have got the sessions, destroy them all! $sessions->destroy_all(); This will log the user with ID $user_id out of WordPress. Use case: My use case for this is when a user is approved … Read more
It uses bare cookies and stores the login state information client side. + = wordpress_7339a175323c25a8547b5a6d26c49afa=yourusername%7C1457109155%7C170f103ef3dc57cdb1835662d97c1e13; Where do all these cookies and salt come from? The salt is in your wp-config.php file: /**#@+ * Authentication Unique Keys and Salts. * * Change these to different unique phrases! * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ … Read more