Support » Plugin: HumanCaptcha by Outerbridge » Active PHP session causes a critical issue shown on Site Health Status

  • Greetings,

    HumanCaptcha causes a critical issue according to the Site Health Status page (WordPress Dashboard -> Tools -> Site Health). I have HumanCaptcha 3.1 installed in WordPress 5.5.3. See the status message below:

    An active PHP session was detected [Performance]

    A PHP session was created by a session_start() function call. This interferes with REST API and loopback requests. The session should be closed by session_write_close() before making any HTTP requests.

    The issue seems to be related to the PHP session detection added to the Site Health Status page in WordPress 5.5.0: https://core.trac.wordpress.org/changeset/47585 According to the plugin page, HumanCaptcha is tested only up to WordPress 5.4.4 which predates the session check.

    To pinpoint the issue to HumanCaptcha plugin, I disabled all plugins, after which the PHP session message was not shown. Then I enabled plugins one at a time until the issue message returned. This happened when HumanCaptcha was the only enabled plugin.

    I am not completely sure what kind of interference the issue causes but it seems worth fixing. Please let me know if you need any additional details.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Outerbridge

    (@outerbridge)

    Hi there

    Many thanks for bringing this to our attention. We will investigate this but at the moment we are busy with other work and so it won’t be for a while – it is on our to-do list though!

    Regards
    Outerbridge

    Thread Starter tmuk

    (@tmuk)

    Hi

    Thank you for the response despite being busy. I took another look at the WordPress ticket that was linked in the changeset above. One suggestion was to close the session right after using $_SESSION variables.

    In this patch, I tried to edit the code to follow that idea. When the patch is applied, the related critical issues in the Site Health disappeared. I also confirmed this with a clean WordPress installation where only HumanCaptcha plugin was installed.

    However, I am not completely sure about the solution especially related to the headers that were mentioned in the ticket. I decided to share the patch anyway in case it happens to help.

    songiuno

    (@songiuno)

    Hello,

    Has there been any patch/revision to this? I just discovered that I am seeing this issue in WP site health status. I’m not a coder so don’t understand how to apply the patch that tmuk shared.

    Plugin Author Outerbridge

    (@outerbridge)

    Still on the to-do list unfortunately.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.