Active PHP session causes a critical issue shown on Site Health Status

  • Resolved tmuk

    (@tmuk)


    5 years, 6 months ago

    Greetings,

    HumanCaptcha causes a critical issue according to the Site Health Status page (WordPress Dashboard -> Tools -> Site Health). I have HumanCaptcha 3.1 installed in WordPress 5.5.3. See the status message below:

    An active PHP session was detected [Performance]

    A PHP session was created by a session_start() function call. This interferes with REST API and loopback requests. The session should be closed by session_write_close() before making any HTTP requests.

    The issue seems to be related to the PHP session detection added to the Site Health Status page in WordPress 5.5.0: https://core.trac.wordpress.org/changeset/47585 According to the plugin page, HumanCaptcha is tested only up to WordPress 5.4.4 which predates the session check.

    To pinpoint the issue to HumanCaptcha plugin, I disabled all plugins, after which the PHP session message was not shown. Then I enabled plugins one at a time until the issue message returned. This happened when HumanCaptcha was the only enabled plugin.

    I am not completely sure what kind of interference the issue causes but it seems worth fixing. Please let me know if you need any additional details.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Outerbridge

    (@outerbridge)

    5 years, 6 months ago

    Hi there

    Many thanks for bringing this to our attention. We will investigate this but at the moment we are busy with other work and so it won’t be for a while – it is on our to-do list though!

    Regards
    Outerbridge

    Thread Starter tmuk

    (@tmuk)

    5 years, 5 months ago

    Hi

    Thank you for the response despite being busy. I took another look at the WordPress ticket that was linked in the changeset above. One suggestion was to close the session right after using $_SESSION variables.

    In this patch, I tried to edit the code to follow that idea. When the patch is applied, the related critical issues in the Site Health disappeared. I also confirmed this with a clean WordPress installation where only HumanCaptcha plugin was installed.

    However, I am not completely sure about the solution especially related to the headers that were mentioned in the ticket. I decided to share the patch anyway in case it happens to help.

    songiuno

    (@songiuno)

    5 years, 3 months ago

    Hello,

    Has there been any patch/revision to this? I just discovered that I am seeing this issue in WP site health status. I’m not a coder so don’t understand how to apply the patch that tmuk shared.

    Plugin Author Outerbridge

    (@outerbridge)

    5 years, 2 months ago

    Still on the to-do list unfortunately.

    Plugin Author Outerbridge

    (@outerbridge)

    4 years, 11 months ago

    Hi
    Just to let you know. We’ve included your patch suggestions in our most recent update, so this should no longer be an issue. Many thank for your help and patience.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Active PHP session causes a critical issue shown on Site Health Status’ is closed to new replies.