Title: PHP session always started, even when not needed
Last modified: September 22, 2022

---

# PHP session always started, even when not needed

 *  [kkatpcc](https://wordpress.org/support/users/kkatpcc/)
 * (@kkatpcc)
 * [3 years, 8 months ago](https://wordpress.org/support/topic/php-session-always-started-even-when-not-needed/)
 * WP Cassify seems to eagerly start a PHP session without first making sure it 
   has a reason to do so. This can introduce multi-request blocking behavior, and
   can load up a server with sessions for no good reason, both of which reduce scalability.
   Page caching plugins may help alleviate this, but using them shouldn’t be required
   to work around this behavior.
 * Please update the plugin so that a PHP session is not started unless required.
   A simple way to avoid starting a session is to first check if the session cookie
   exists, e.g. `isset($_COOKIE[session_name()])`
 * Another option is to eliminate dependency on native PHP sessions entirely. One
   way is to store tokens/data in the database and directly manage the cookie, akin
   to WP. Another way is to reduce the scope of the plugin down to only what is 
   needed for CAS auth & user mapping, and let WP handle the rest. This would help
   make things less awkward in load-balanced installations.

Viewing 1 replies (of 1 total)

 *  [Michael](https://wordpress.org/support/users/eizzumdm/)
 * (@eizzumdm)
 * [3 years, 7 months ago](https://wordpress.org/support/topic/php-session-always-started-even-when-not-needed/#post-16101228)
 * For us, the problem is that because WP Cassify sets that PHP Session cookie on
   every single page for every single visitor, that busts the cache for every page,
   so we are getting zero percent cache hit rate in Pantheon.
 * [https://pantheon.io/docs/cookies#cache-busting-cookies](https://pantheon.io/docs/cookies#cache-busting-cookies)
 * We have worked around it being a PHP Session cookie (not supported on Pantheon)
   by using the WP Native PHP Sessions plugin, but that just changes how the cookie
   is stored, we still have the problem of it being on every page.
 * I had hoped that turning off Gateway Mode (auto login) in WP Cassify would limit
   the session cookies to just certain pages, but no.
 * I would welcome any of the options mentioned by [@kkatpcc](https://wordpress.org/support/users/kkatpcc/)

Viewing 1 replies (of 1 total)

The topic ‘PHP session always started, even when not needed’ is closed to new replies.

 * ![](https://ps.w.org/wp-cassify/assets/icon-256x256.png?rev=3112582)
 * [WP Cassify](https://wordpress.org/plugins/wp-cassify/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-cassify/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-cassify/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-cassify/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-cassify/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-cassify/reviews/)

 * 1 reply
 * 2 participants
 * Last reply from: [Michael](https://wordpress.org/support/users/eizzumdm/)
 * Last activity: [3 years, 7 months ago](https://wordpress.org/support/topic/php-session-always-started-even-when-not-needed/#post-16101228)
 * Status: not resolved