Jump to content

Including ProcessWire & Sessions


Recommended Posts

Hi folks!

In my current project I'm using ProcessWire v2.5 as pure backend service, including it in my frontend application as described here.

Now I encountered some problems with the pw session handling interfering with the session handling of my frontend application. In this case the pw installation runs on a subdomain of my frontend application.

  1. Duplicate session_start()

    Each time I include pw's index.php pw tries to start it's own session, resulting in a notice that a session has already been started.

    To encounter this problem, I changed one row in Session::___init() (/ProcessWire/wire/core/Session.php):

    protected function ___init() {
    	if (session_status() != PHP_SESSION_ACTIVE) @session_start();
  2. Session configuration override

    Additionally pw sets it's own session configuration and therefore overrides the config of my frontend application.

    To prevent this, I wrapped the session configuration block within the index.php (/ProcessWire/index.php, rows ~176ff) in a condition:


    if (session_status() != PHP_SESSION_ACTIVE) {
        ini_set('session.use_cookies', true);
        ini_set('session.use_only_cookies', 1);
        ini_set('session.cookie_httponly', 1);
        ini_set('session.gc_maxlifetime', $config->sessionExpireSeconds);
        if (ini_get('session.save_handler') == 'files') {
            if (ini_get('session.gc_probability') == 0) {
                // Some debian distros replace PHP's gc without fully implementing it,
                // which results in broken garbage collection if the save_path is set.
                // As a result, we avoid setting the save_path when this is detected.
            } else {
                ini_set("session.save_path", rtrim($config->paths->sessions, '/'));

This is surely a bad way to fix my problem, because I had to change some code within the pw core.

If anybody knows a more elegant solution to prevent pw from starting/configuring a session if used vi include, it would be very welcome.



Link to comment
Share on other sites

  • 6 months later...
  • 4 months later...

I think not. My problem is, that in my scenario PW tries to start a session a second time without checking if a session is already active. The session configuration is another topic.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...