PHP session interfering with the WordPress REST API

Hello,

I am using the “Login with Microsoft Entra ID” extension on my WordPress site, which works very well.

However, since installing it, I have two security alerts in the WordPress Health Center:

1/ A PHP session was created by a call to the session_start()function. This interferes with the REST API and loopback requests. The session should be closed by session_write_close() before making any HTTP requests.

2/ The REST API is one of the ways WordPress or other applications communicate with the server. For example, the editor screen relies on it to display and save your posts.

When testing the REST API, an error occurred:

REST API endpoint: https://www.clement-haurogne.fr/wp-json/wp/v2/types/post?context=edit

REST API response: (http_request_failed) cURL error 28: Operation timed out after 10000 milliseconds with 0 bytes received

Can you please provide a fix soon?

Best regards,

Clément