Site Health : An active PHP session was detected

I'm new in WordPress development and I just created my first theme.

In my wp-admin, the Site Health tells me that a PHP session has been detected (critical error), here is the message :

A PHP session was created by a session_start() function call. This interferes with REST API and loopback requests. The session should be closed by session_write_close() before making any HTTP requests.

I need PHP's $_SESSION for a theme script, and I added this to my functions.php file for sessions to be properly initialized:

?php

if (!session_id()) { 
    session_start(); 
}

If I delete these lines, the message disappears, but my PHP sessions don’t work anymore.

If I keep these lines, everything seems to be working properly but this message is worrying...

Does anyone have an idea to solve this problem while keeping the ability to use the $_SESSION?

My WP version is 5.5.3 and the PHP version is 7.4.8.

Thank you in advance for your help!

Topic site-health-widget session php theme-development Wordpress

Category Web

1
answered at

I had exactly this same issue. After many attempts at hooking to call session_start() elsewhere within the Wordpress loading process, a colleague suggested I try replacing my code in functions.php with the following:

if(session_status() == PHP_SESSION_NONE) {
    session_start();
}

This seemed to fix both issues I was having, clear the error in Wordpress, and allow my front end users to log into the system I had created.

1
answered at

I've found that WP e-Store causes:

  1. An active PHP session was detected
  2. the REST API encountered an error

WP SpamShield causes:

  1. An active PHP session was detected

I'll look at the code and see if I can find a way to fix it in these plugins. Without e-Store, the site is basically dead in the water!

If anyone had found and fixed either of these plugins, I'd love to know what worked.

[email protected]

1
answered at

I was facing same issue.

I replaced the code

session_start();

with

if (!isset($_SESSION)) {
  session_start(['read_and_close' => true]);
}

and it worked for me.

1
answered at

In my case this was caused by the plugin "Contact Form by BestWebSoft".

If you find yourself in the same situation you have to disable the plugin one by one and refresh the page /wp-admin/site-health.php to check if the error is still there.

As explained here https://stackoverflow.com/questions/64377032/getting-an-active-php-session-was-detected-critical-warning-in-wordpress this is due to a plugin badly developed.

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.