• This is a follow up to https://wordpress.org/support/topic/php-session-always-started-even-when-not-needed/ since that topic is no longer allowing new replies.

    The following changes to classes/wp_cassify_plugin.php is one minimal way to make the PHP session only start when actually needed.

    Update wp_cassify_session_start() as follows, with the changes in bold:

    	public function wp_cassify_session_start( $force = false ) {
    
    		if ( $force || isset( $_COOKIE[ session_name() ] ) ) {
    			if(! session_id() ) {
    				session_start();
    			}
    		}
    	}

    And then update wp_cassify_grab_service_ticket() as follows, again with the changes in bold:

    
    		if ( (! is_user_logged_in() ) || (! is_user_member_of_blog() ) ) {
    			if (! empty( $service_ticket ) ) {
    
    				// Ensure session is started
    				$this->wp_cassify_session_start( true );
    
    				// Retrieve configuration options from database

    Note that I’ve only done rudimentary verification of these changes, but it seems to work as expected.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Alternately, can just adjust this block of code to see how authentication is being requested:

    	/**
    	 * Start the php session inside the plugin because session is needed to store callback url.
    	 */	 
    	public function wp_cassify_session_start() {
    
    		if(! session_id() ) {
    			global $wp;
    			$gateway_mode = WP_Cassify_Utils::wp_cassify_get_option( $this->wp_cassify_network_activated, 'wp_cassify_enable_gateway_mode' );
    			if ($gateway_mode && $wp->request == "/login") {
    				session_start();
    			}
    		}
    	}

    Forgot to add my adjustment:

    		if(!session_id() && !headers_sent() && (get_current_user_id() > 0)) {
    			session_start();
    			}
    		}

    Basically adding a check to see if a user is logged in.

    Plugin Author Alain-Aymerick FRANCOIS

    (@aaf017)

    Hi,

    Hello,

    I’m sorry but I have a lot of work at the moment. I haven’t had time to update the plugin. Nevertheless, I’m very interested in integrating your patch into the plugin. About starting a session only if necessary.
    Can you send me a patch of all the modified files, indicating exactly where the changes have been made?
    I’d be happy to incorporate your work to help the plugin progress.I’ll mention your name/pseudo in the README file.

    Best regards.

    Plugin Author Alain-Aymerick FRANCOIS

    (@aaf017)

    Just to finish. Have you tested your patch with Gateway mode?

    => User already connected from another service and automatic CAS connection when coming to WordPress.

    Thread Starter kkatpcc

    (@kkatpcc)

    Can you send me a patch of all the modified files, indicating exactly where the changes have been made?

    The lack of plugin updates — for proper PHP 8 support, and in general — have forced me to look for a different plugin/solution. Thus, I can’t justify the effort of submitting a formal patch at this point.

    However, my first comment basically serves this purpose. Please feel free to work that logic into your plugin as you see fit.

    Have you tested your patch with Gateway mode?

    No, I do not use Gateway mode.

    Overall, the comments from @partyka may indicate a better approach.

    I can confirm that @kkatpcc’s fix resolves the session issues that we reported earlier. We’ve published a git clone of the SVN repository containing the fix, the PHP 8 fixes that Jesse Loesberg authored, and a few local changes: https://github.com/LafColITS/wp-cassify. We don’t use gateway mode either so I can’t speak to whether it’s affected.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Patch to start PHP session only when needed’ is closed to new replies.