Session functionality causing errors in session-disabled server environments

  • masatoigarashi

    (@masatoigarashi)


    9 months ago

    Hi there,

    I’m experiencing PHP session errors with the reCAPTCHA for WooCommerce plugin in a server environment where PHP sessions are disabled for performance/security reasons.

    Error Details:

    PHP Warning: session_start(): open(/var/lib/php/session/sess_xxx, O_RDWR) failed: Permission denied (13)
PHP Warning: session_start(): Failed to read session data: files (path: /var/lib/php/session)

    Root Cause: The plugin uses PHP sessions in the WordPress login functionality (line 211 in recaptcha-woo.php) to prevent duplicate reCAPTCHA checks during authentication. This occurs when rcfwc_tested option is set to ‘yes’.

    Current Workaround: Setting rcfwc_tested to ‘no’ in the database disables the session functionality, and WooCommerce features (checkout, login, registration) work perfectly without sessions.

    Feature Request: Could you consider implementing an alternative to PHP sessions for environments where they’re not available? Possible alternatives:

    • WordPress transients
    • User meta data
    • Database-stored tokens
    • Cookie-based approach with nonce verification

    Environment:

    • WordPress: 6.8.2
    • WooCommerce: 10.1.1
    • Plugin Version: 1.4.5
    • Server: Nginx with session-disabled PHP-FPM

    The plugin works great otherwise! Just need a session-free option for the WP login duplicate check prevention mechanism.

    Thanks for your consideration!

The topic ‘Session functionality causing errors in session-disabled server environments’ is closed to new replies.