By default, WordPress does not use anything other than cookies to keep users logged in. That is actually a very good strategy because it helps preserve performance and page speed. WordPress focuses on content management and publishing, so in most cases cookies are enough.
But sometimes we need to keep some data across two or more page requests. In that situation, using PHP sessions can be a very simple and practical option. For example, when building an application on top of WordPress, we may want to show a flash message to the user after a form submission.
Start a session during WordPress initialization
Starting a session in WordPress is actually very simple. Just add the following code to your theme’s functions.php file or to a plugin. The callback is attached to WordPress’s initialization hook with a priority of 1 so the session is started before other features rely on it.
add_action( 'init', function () {
    // Start a session only if one is not already active.
    if ( ! session_id() ) {
        session_start();
    }
}, 1 );
Destroy session data when the user logs in or logs out
As mentioned above, WordPress does not use sessions to store login state, so it also does not automatically clear a user’s session data when the user logs in or logs out. To avoid stale session data hanging around when a user signs out or switches to another account, we should clear session data at those moments. WordPress gives us the wp_login and wp_logout hooks for exactly that.
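add_action( 'wp_logout', 'destroy_session' );
add_action( 'wp_login', 'destroy_session' );

function destroy_session() {
    // Only destroy an active session; calling session_destroy() without one raises a warning.
    if ( session_id() ) {
        $_SESSION = array(); // session_destroy() alone leaves $_SESSION populated for this request
        session_destroy();
    }
}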
Save data to the session and read it back
Once the setup above is in place, we can use PHP’s $_SESSION variable directly to save and retrieve session data.
Save data to the session:
$_SESSION['message'] = "保存数据成功";
Read data from the session:
if ( isset( $_SESSION['message'] ) ) {
    $value = $_SESSION['message'];
} else {
    $value = '';
}
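The three steps above (start, clear on login/logout, flash message) combined with the session hardening a security review would ask for: restricted cookie flags, a fresh session ID at login, and escaped one-time output. This is an added example, not code from the original article; the `myapp_` function names are hypothetical, and it assumes PHP 7.3+ running inside WordPress (for `is_ssl()` and `esc_html()`).

```php
// Added example. Place in functions.php or a plugin; myapp_* names are hypothetical.
add_action( 'init', function () {
    if ( session_status() !== PHP_SESSION_NONE || headers_sent() ) {
        return; // a session is already active, or it is too late to send the cookie
    }
    session_start( array(
        'use_strict_mode' => 1,        // reject session IDs the server did not issue
        'cookie_httponly' => 1,        // keep the ID out of reach of page JavaScript
        'cookie_secure'   => is_ssl(), // send the cookie only over HTTPS when the site uses it
        'cookie_samesite' => 'Lax',    // requires PHP 7.3+
    ) );
}, 1 );

// Login: drop the anonymous visitor's data and issue a fresh ID, so an ID
// that was known before authentication is worthless afterwards.
add_action( 'wp_login', function () {
    if ( session_status() === PHP_SESSION_ACTIVE && ! headers_sent() ) {
        $_SESSION = array();
        session_regenerate_id( true ); // true deletes the old session record
    }
} );

// Logout: clear the data, expire the browser cookie, remove the server-side record.
add_action( 'wp_logout', function () {
    if ( session_status() !== PHP_SESSION_ACTIVE ) {
        return;
    }
    $_SESSION = array();
    $p = session_get_cookie_params();
    if ( ! headers_sent() ) {
        setcookie( session_name(), '', time() - 3600, $p['path'], $p['domain'], $p['secure'], $p['httponly'] );
    }
    session_destroy();
} );

// Flash message helpers: store once, read once.
function myapp_flash_set( $message ) {
    $_SESSION['message'] = (string) $message;
}

function myapp_flash_take() {
    $message = isset( $_SESSION['message'] ) ? $_SESSION['message'] : '';
    unset( $_SESSION['message'] ); // one-time: gone on the next request
    return esc_html( $message );   // escape before it is echoed into HTML
}
```

Call `myapp_flash_set()` after handling the form and `echo myapp_flash_take();` in the template that renders the next page.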
Store session data in MySQL to avoid some session-related problems
By default, PHP stores sessions in temporary files. When multiple requests need to read and write the same session, PHP can block requests because of file locking, which may hurt performance. Storing session data in a database can avoid that problem. There is a session plugin that can help with that, and in many cases simply installing and enabling it is enough.
Of course, MySQL is not the only option. We can also store session data in Redis or Memcached. The setup is straightforward; just add code like the following to functions.php.
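// Use one backend only; these settings must run before session_start().

// Option 1: save sessions to Redis (requires the PHP redis extension)
ini_set( 'session.save_handler', 'redis' );
ini_set( 'session.save_path', 'tcp://127.0.0.1:6379' );

// Option 2: save sessions to Memcache (requires the PHP memcache extension)
// ini_set( 'session.save_handler', 'memcache' );
// ini_set( 'session.save_path', 'tcp://10.1.1.1:11211' );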
So while WordPress does not rely on sessions by default, using sessions inside WordPress is still quite simple. In fact, some large WordPress plugins already use them for specific features. WooCommerce is a common example if you want to look at a practical implementation.
