Title: PHP SESSION disables cache
Last modified: March 20, 2017

---

# PHP SESSION disables cache

 *  Resolved [hackgyver](https://wordpress.org/support/users/hackgyver/)
 * (@hackgyver)
 * [9 years, 3 months ago](https://wordpress.org/support/topic/php-session-disables-cache/)
 * When we upgraded from 2.5.3 to 2.5.9
    we experienced that the plugin started 
   using PHP Sessions.
 * From this we experience that the response headers changed from this:
    Cache-Control:
   max-age=1200, s-maxage=300
 * to this
    Set-Cookie: PHPSESSID=tvn2oo45s1gs988ead088as0b2; path=/; secure; HttpOnly
   Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: max-age=1200, s-maxage=
   300 Pragma: no-cache
 * So this upgrade disabled all our ATS-Cache.
 * Is there a way to disable this?

Viewing 12 replies - 1 through 12 (of 12 total)

 *  [WPWhiteSecurity](https://wordpress.org/support/users/wpwhitesecurity/)
 * (@wpwhitesecurity)
 * [9 years, 3 months ago](https://wordpress.org/support/topic/php-session-disables-cache/#post-8843215)
 * Hello hackgyver,
 * Thank you for using our plugin.
 * You’re correct, we did start using the phpsession. It is being used by the plugin
   to determine when a user is logged in or not. Having said that, it is only used
   for logged in users and it does not add the Pragma: no-cache header, which is
   the disabling your cache.
 * Could it be something else, maybe you did another change in the meantime that
   is adding this header? I can confirm that we are not using any of these in our
   code: [http://php.net/manual/en/function.session-cache-limiter.php](http://php.net/manual/en/function.session-cache-limiter.php)
 * Looking forward to hearing from you.
 *  Thread Starter [hackgyver](https://wordpress.org/support/users/hackgyver/)
 * (@hackgyver)
 * [9 years, 3 months ago](https://wordpress.org/support/topic/php-session-disables-cache/#post-8844024)
 * I’ve been testing the responseheaders with the two versions now:
 * curl -k -s –include -D /dev/tty -o /dev/null ‘[https://wp-www.www.dev.x.net/privat/bredband/wifi/&#8217](https://wp-www.www.dev.x.net/privat/bredband/wifi/&#8217);
 * Responsheaders with 2.5.3:
 * HTTP/1.1 200 OK
    Date: Wed, 22 Feb 2017 13:58:52 GMT Server: Apache/2.4.6 (CentOS)
   OpenSSL/1.0.1e-fips PHP/5.4.16 Strict-Transport-Security: max-age=31536000 Set-
   Cookie: partnerinfo=%7B%22id%22%3A%221027%22%2C%22name%22%3Anull%2C%22hostname%
   22%3Anull%2C%22logoUrl%22%3Anull%7D Cache-Control: max-age=1200, s-maxage=300
   Link: <[https://wp-www.www.dev.x.net/wp-json/&gt](https://wp-www.www.dev.x.net/wp-json/&gt);;
   rel=”[https://api.w.org/&#8221](https://api.w.org/&#8221); Link: <[https://wp-www.www.dev.x.net/?p=4385&gt](https://wp-www.www.dev.x.net/?p=4385&gt);;
   rel=shortlink Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: 
   text/html; charset=UTF-8
 * Response headers with 2.5.9:
 * HTTP/1.1 200 OK
    Date: Wed, 22 Feb 2017 13:58:03 GMT Server: Apache/2.4.6 (CentOS)
   OpenSSL/1.0.1e-fips PHP/5.4.16 Strict-Transport-Security: max-age=31536000 Set-
   Cookie: PHPSESSID=tvn2oo45s1gs988ead088as0b2; path=/; secure; HttpOnly Expires:
   Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: max-age=1200, s-maxage=300 Pragma:
   no-cache Set-Cookie: partnerinfo=%7B%22id%22%3A%221027%22%2C%22name%22%3Anull%
   2C%22hostname%22%3Anull%2C%22logoUrl%22%3Anull%7D Link: <[https://wp-www.www.dev.x.net/wp-json/&gt](https://wp-www.www.dev.x.net/wp-json/&gt);;
   rel=”[https://api.w.org/&#8221](https://api.w.org/&#8221); Link: <[https://wp-www.www.dev.x.net/?p=4385&gt](https://wp-www.www.dev.x.net/?p=4385&gt);;
   rel=shortlink Vary: Accept-Encoding Transfer-Encoding: chunked Content-Type: 
   text/html; charset=UTF-8
 * PHP automatic sets Expires (to 1981) and Pragma when there’s an active session.
 * The combination of Cache-Control with instructions like cache and Expires, Pragma
   not to cache leaves our Apache Traffic Server (ATS) without caching.
 *  [WPWhiteSecurity](https://wordpress.org/support/users/wpwhitesecurity/)
 * (@wpwhitesecurity)
 * [9 years, 3 months ago](https://wordpress.org/support/topic/php-session-disables-cache/#post-8847859)
 * Hello Hackgyver,
 * That is actually a good test and catch. Thank you for this Hackgyver. Will surely
   look into this and get back to you.
 *  [WPWhiteSecurity](https://wordpress.org/support/users/wpwhitesecurity/)
 * (@wpwhitesecurity)
 * [9 years, 3 months ago](https://wordpress.org/support/topic/php-session-disables-cache/#post-8864826)
 * Hello Hackgyver,
 * Just to confirm, are you using any of the premium add-ons or not?
 *  Thread Starter [hackgyver](https://wordpress.org/support/users/hackgyver/)
 * (@hackgyver)
 * [9 years, 3 months ago](https://wordpress.org/support/topic/php-session-disables-cache/#post-8864849)
 * Yes, I’m using
    email-notifications reports search user-sessions-management
 *  [WPWhiteSecurity](https://wordpress.org/support/users/wpwhitesecurity/)
 * (@wpwhitesecurity)
 * [9 years, 3 months ago](https://wordpress.org/support/topic/php-session-disables-cache/#post-8865020)
 * Ok. If you disable the users-sessions-management plugin does the issue persist?
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [9 years, 3 months ago](https://wordpress.org/support/topic/php-session-disables-cache/#post-8865077)
 * [@wpwhitesecurity](https://wordpress.org/support/users/wpwhitesecurity/)
 * > Just to confirm, are you using any of the premium add-ons or not?
 * > Yes, I’m using
   >  email-notifications reports search user-sessions-management
 * Can you direct this topic to your own site for support? Other plugin authors 
   do that (it’s required).
 * [https://www.wpsecurityauditlog.com/support/](https://www.wpsecurityauditlog.com/support/)
 * As you are aware, commercial products are [not supported in these forums](http://codex.wordpress.org/Forum_Welcome#Commercial_Products).
   As this is your customer I am sure you will provide support there.
 *  Thread Starter [hackgyver](https://wordpress.org/support/users/hackgyver/)
 * (@hackgyver)
 * [9 years, 3 months ago](https://wordpress.org/support/topic/php-session-disables-cache/#post-8865133)
 * I’m quite sure that the sub-modules was not enabled during this test.
    This is
   still a valid issue for non-paying customers.
 *  [WPWhiteSecurity](https://wordpress.org/support/users/wpwhitesecurity/)
 * (@wpwhitesecurity)
 * [9 years, 3 months ago](https://wordpress.org/support/topic/php-session-disables-cache/#post-8869474)
 * Thank you for your answer hackgyver. I asked because the Users Management add-
   on uses the PHP session etc, so that might be somehow triggering this issue.
 * We need more information to troubleshoot this, so can you please contact us via
   email on [support@Wpwhitesecurity.com](https://wordpress.org/support/topic/php-session-disables-cache/support@Wpwhitesecurity.com?output_format=md)
   so we can start troubleshooting it?
 * Thank you.
 *  [WPWhiteSecurity](https://wordpress.org/support/users/wpwhitesecurity/)
 * (@wpwhitesecurity)
 * [9 years, 3 months ago](https://wordpress.org/support/topic/php-session-disables-cache/#post-8869477)
 * [@jdembowski](https://wordpress.org/support/users/jdembowski/) thank you for 
   pointing that out. That’s the reason why I asked, so if he is using them then
   we can get in touch via email.
 *  [WPWhiteSecurity](https://wordpress.org/support/users/wpwhitesecurity/)
 * (@wpwhitesecurity)
 * [9 years, 3 months ago](https://wordpress.org/support/topic/php-session-disables-cache/#post-8887933)
 * Hackgyver,
 * We identified the issue and are working on a fix right now. Should release an
   update later on today or tomorrow.
 *  [WPWhiteSecurity](https://wordpress.org/support/users/wpwhitesecurity/)
 * (@wpwhitesecurity)
 * [9 years, 3 months ago](https://wordpress.org/support/topic/php-session-disables-cache/#post-8892361)
 * Hello [@hackgyver](https://wordpress.org/support/users/hackgyver/)
 * We just released version 2.6.1 which fixes the issue you reported. The cache 
   was being disabled because the plugin was creating a PHP Session ID cookie for
   non logged in visitors, which was a bug.
 * The plugin no longer creates such cookie, so the cache will work.
 * Please do not hesitate to get in touch in case of any further issues.

Viewing 12 replies - 1 through 12 (of 12 total)

The topic ‘PHP SESSION disables cache’ is closed to new replies.

 * ![](https://ps.w.org/wp-security-audit-log/assets/icon-256x256.png?rev=2961534)
 * [WP Activity Log](https://wordpress.org/plugins/wp-security-audit-log/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-security-audit-log/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-security-audit-log/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-security-audit-log/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-security-audit-log/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-security-audit-log/reviews/)

 * 12 replies
 * 3 participants
 * Last reply from: [WPWhiteSecurity](https://wordpress.org/support/users/wpwhitesecurity/)
 * Last activity: [9 years, 3 months ago](https://wordpress.org/support/topic/php-session-disables-cache/#post-8892361)
 * Status: resolved