Support » Fixing WordPress » wp-blog-header.php killing sessions?

  • Hi, i have a custom made gallery script i’m trying to integrate with WordPress. I have everything working properly except there’s a problem with the login for the gallery script. When a user logs in the script is not saying they are logged in.

    I used the following method of calling wp-blog-header.php in the gallery scrips header:

    define(‘WP_USE_THEMES’, false);

    If i delete the above code, the gallery login works fine (despite all the theme related errors that then show up) so it seems as though something in wp-blog-header.php is killing the session started by the gallery script? Or could it perhaps be this gallery script is using session related names already used by wordress for its login stuff?

    I really don’t know too much about php sessions or cookies, etc… so if anybody can come up with a possible solution or has had a similar problem while integrating a script your help would be very greatly appreciated.

    Thank You!

Viewing 7 replies - 1 through 7 (of 7 total)
  • I’ve tried renaming the login session ids in the script to uname and uid instead of username and id (in case wordpress was already using those names) but no luck its still not saving the sessions unless i delete the call to wp-blog-header.php. Pretty please, does anybody have any suggestions for a fix?


    Got a similar problem, did anyone find a resolution?

    I ran into this problem and figured out what was happening.

    I don’t use wordpress but the guy who does the SEO in my office does use wordpress for blogs for the sites i program for him.

    wordpress natively assumes it’s taking over EVERY aspect of the site since it IS a content management system of some kind.

    this means it naively takes over all and any global variables you have assigned for your own php scripts.

    wp-blog-header.php includes a wp-config.php which also in itself includes a wp-settings.php file

    In wp-settings.php:

    Look at lines 27 – 47 and then look at line 47 (last line) again.

    function wp_unregister_GLOBALS() {
    if ( !ini_get(‘register_globals’) )

    if ( isset($_REQUEST[‘GLOBALS’]) )
    die(‘GLOBALS overwrite attempt detected’);

    // Variables that shouldn’t be unset
    $noUnset = array(‘GLOBALS’, ‘_GET’, ‘_POST’, ‘_COOKIE’, ‘_REQUEST’, ‘_SERVER’, ‘_ENV’, ‘_FILES’, ‘table_prefix’);

    $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
    foreach ( $input as $k => $v )
    if ( !in_array($k, $noUnset) && isset($GLOBALS[$k]) ) {
    $GLOBALS[$k] = NULL;


    Session variables ARE global variables. So in effect, its calling the very function it just defined to delete ALL global variables.

    I commented out
    wp_unregister_GLOBALS(); and my sessions are no longer being killed.

    Because I’m not familiar with Word Press, I don’t know what consequences it might have to the wordpress stuff deployed on the site. The blogs seem to still work but Im gonna have the SEO guy who eats WordPress for breakfast test it.

    I saw there were no resolutions regarding this subject so I registered to WordPress to fill you in on this.

    I hope this helps.

    John Yun



    Hi Y’all, just wanted to close this thread out.

    I found the solution to this problem here:

    Beetlefish said:

    I couldn’t find session_start() in my installation of WordPress so I added it to the wp-config.php file at the top.


    This enabled sessions.

    I commented out
    wp_unregister_GLOBALS(); and my sessions are no longer being killed.

    THANK YOU!!! I could kiss you!
    This has been driving me totally crazy, especially because my session script was working fine on my local server, but online it didn’t.

    I wonder why the wp_unregister_GLOBALS() function unregisters $_SESSION on my hoster’s server, but on my local server it doesn’t…!?!

    I found out that my hoster had register_globals set to “On”, which was causing the problem.

    I simply had to upload a file named php.ini containing the following line:
    register_globals Off

    After that, there is no need to comment “wp_unregister_GLOBALS()” out any more.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘wp-blog-header.php killing sessions?’ is closed to new replies.