Fix WordPress PHP Session Problems on Pantheon with a Script

Greg Anderson, Open Source Contributor Reading estimate: 2 minutes

PHP provides a way for web applications to keep persistent state for the users of a web application.  This feature is used in Drupal core to manage sessions for logged-in users; however, WordPress does not support this mechanism in core. WordPress relies exclusively on HTTP cookies to hold any necessary user state.  Plugins are expected to do likewise, and the WordPress community largely discourages plugin authors from using PHP sessions.

Despite this general prohibition, there are a number of WordPress plugins in common use that rely on PHP’s built-in support for sessions that is based on storing session data in the filesystem. While this technique works fine in a dedicated server or virtual private server environment, it breaks down entirely in large scalable architectures such as Pantheon, where any given request for a user might be handled by a different application container.  If a plugin does attempt to use the built-in session mechanism, all page requests will fail with an error related to session_start() or $_SESSION.

If you are building a new site and this happens, you might simply choose to use a different plugin that does not use sessions. There are many who would advise that, but there is nothing fundamentally wrong with sessions. Avoiding modules that use sessions gives you the flexibility to deploy your site in any hosting environment without having to do any extra work; if you are in a situation that requires them, then the solution is to store the session data in the database rather than the filesystem. This is the technique that Drupal uses, and it works well over a wide variety of websites. There is an easy-to-use plugin that provides database sessions for WordPress:

    https://wordpress.org/plugins/wp-native-php-sessions/

This plugin was written by Pantheon, but should also work on other platforms as well. See WordPress and PHP Sessions in the Pantheon documentation for more information on this plugin.  Simply installing this as a regular WordPress plugin will fix your site’s problems in most instances; however, if your site is already failing with some session_start() or $_SESSIONS related error, or if you are using a plugin that references sessions early in the WordPress bootstrap, then you will need to install it in the “must use” plugins folder, and configure WordPress to load it. Instructions are provided on the WP Native PHP Sessions project page; the steps are not hard, and can be accomplished in a few minutes, or perhaps a little longer.

If you are migrating a large number of WordPress sites, though, then adding just a few more minutes to each migration is going to start to add up—even if you get to be really good at doing the same thing over and over again. To save time, you can use the handy installation script to add the plugin to your WordPress site in less than a minute.

    https://gist.github.com/greg-1-anderson/dd033d820d0a9d2659e6

Save the script to some location on your computer that is in your $PATH, make it modifiable via chmod +x, and you will then be ready to install the plugin in two simple steps:

  • Log in:                   terminus auth login
  • Run the script:     add-php-sessions-plugin.php SITENAME

Replace SITENAME with the name of your Pantheon site, and the script will do all of the plugin installation work for you, making it even easier for you to complete your migration.

Share

Discover More

Safely Publish to Web from Google Docs with Pantheon Content Publisher

Roland Benedetti (Senior Director, Product) and Zack Rosen (Co-Founder)
Reading estimate: 7 minutes

Unifying Content and Code: Inside Pantheon’s Vision for Content Operations

Chris Yates
Reading estimate: 5 minutes

How Pantheon Protects Your Site from Software Supply Chain Risks in Open Source

Steve Persch
Reading estimate: 8 minutes

Try Pantheon for Free

Join thousands of developers, marketers, and agencies creating magical digital experiences with Pantheon.