Title: [NSFW] Session Mixed Last modified: October 26, 2024 --- # [NSFW] Session Mixed * Resolved [amfahadsafi](https://wordpress.org/support/users/amfahadsafi/) * (@amfahadsafi) * [1 year, 5 months ago](https://wordpress.org/support/topic/session-mixed-2/) * I’m using a plugin called “WordPress Persistent Login.” However, I’m experiencing a critical issue where user sessions seem to overlap. Despite multiple tests, reinstalling, and even uninstalling the plugin, users are still encountering the following problem: When a standard user logs in with their username and password, they are sometimes mistakenly logged in with admin privileges, accessing the admin session instead of their own.Could you help identify what might be causing this, or suggest any fixes to prevent session data from mixing between users? * ( when i uninstalled the plugin the issue disappear) - This topic was modified 1 year, 5 months ago by [amfahadsafi](https://wordpress.org/support/users/amfahadsafi/). Viewing 9 replies - 1 through 9 (of 9 total) * Plugin Author [lukeseager](https://wordpress.org/support/users/lukeseager/) * (@lukeseager) * [1 year, 5 months ago](https://wordpress.org/support/topic/session-mixed-2/#post-18098211) * Hi, thanks for opening a support request. * you said at the start of your message that after uninstalling the plugin you still had the issue, but at the end of your message you said that the issue disappears. Can you clarify which is correct? * As I mentioned in your review, Persistent Login uses a hook that WordPress provides to keep users logged in. This hook gives us the user ID to update. * Can you provide me with an example of a user who has had this issue? An example of their login cookie, and also their session data from the database? The database data will be in the user_meta table, with a key of ‘session_tokens’ for the users ID. Please obscure their IP address and any other sensitive data. - This reply was modified 1 year, 5 months ago by [lukeseager](https://wordpress.org/support/users/lukeseager/). * Thread Starter [amfahadsafi](https://wordpress.org/support/users/amfahadsafi/) * (@amfahadsafi) * [1 year, 5 months ago](https://wordpress.org/support/topic/session-mixed-2/#post-18104250) * I have created over 100 users with the subscriber role and 3 administrators, with one designated as the super admin. * When some subscribers log in, they are sometimes mistakenly logged in as the super admin. This issue occurs randomly with some users. The super admin has only one session option and requires 2FA to log in. However, when I install the WordPress Persistent Login plugin, sessions seem to get mixed up, and most users gain administrator access. * When I deactivate the WordPress Persistent Login plugin, the issue disappears. However, when I reactivate it, the issue reappears. - This reply was modified 1 year, 5 months ago by [amfahadsafi](https://wordpress.org/support/users/amfahadsafi/). * Thread Starter [amfahadsafi](https://wordpress.org/support/users/amfahadsafi/) * (@amfahadsafi) * [1 year, 5 months ago](https://wordpress.org/support/topic/session-mixed-2/#post-18104401) * I have created over 100 users with the _subscriber_ role, including _User X_ and _User Y_. I also have 3 administrators, with one designated as the _super admin_. * **Expected Behavior**: - _User X_ and _User Y_, both with the _subscriber_ role, should only have limited access when they log in. - The _super admin_ should have higher privileges, limited to one active session at a time, and require 2FA for added security. * **Issue When Using Persistent Login Plugin**: - When I activate the _WordPress Persistent Login_ plugin, _User X_ and _User Y_ sometimes randomly log in with _super admin_ access rather than their intended subscriber-level access. - This issue occurs inconsistently and doesn’t affect all subscribers every time. Even though the _super admin_ is restricted to a single session and requires 2FA, the login sessions still appear to get mixed up. * **Temporary Solution**: - When I deactivate the _WordPress Persistent Login_ plugin, the issue disappears, and users like _User X_ and _User Y_ only have subscriber-level access, as expected. - However, when I reactivate the plugin, the session mix-up issue reappears. * Plugin Author [lukeseager](https://wordpress.org/support/users/lukeseager/) * (@lukeseager) * [1 year, 5 months ago](https://wordpress.org/support/topic/session-mixed-2/#post-18104849) * Hi thank you for the information. * Can I ask if you’re website is a wordpress Multi site? You mention a super admin role, which isn’t a standard role on a single WordPress website. * Is it possible to share the website URL so I can test signing up as a subscriber to replicate the issue? * Thread Starter [amfahadsafi](https://wordpress.org/support/users/amfahadsafi/) * (@amfahadsafi) * [1 year, 5 months ago](https://wordpress.org/support/topic/session-mixed-2/#post-18105720) * by mean of super admin i mean Administrator role ( the one by default) * Plugin Author [lukeseager](https://wordpress.org/support/users/lukeseager/) * (@lukeseager) * [1 year, 5 months ago](https://wordpress.org/support/topic/session-mixed-2/#post-18106493) * Thank you. Is your website a WordPress Multi site installation? * Thread Starter [amfahadsafi](https://wordpress.org/support/users/amfahadsafi/) * (@amfahadsafi) * [1 year, 5 months ago](https://wordpress.org/support/topic/session-mixed-2/#post-18106510) * No its not multi site * Plugin Author [lukeseager](https://wordpress.org/support/users/lukeseager/) * (@lukeseager) * [1 year, 5 months ago](https://wordpress.org/support/topic/session-mixed-2/#post-18108709) * Thank you for confirming. Are you able to share the URL of the website with me please? If you’re concerned about sharing the URL publicly, you can send it to [luke@persistentlogin.com](https://wordpress.org/support/topic/session-mixed-2/luke@persistentlogin.com?output_format=md)( if wordpress.org administrators are happy for me to request that). * I’m conscious that any information shared here that lets me assist you could potentially be used to gain administrator access to your website. Which we definitely want to avoid. * Plugin Author [lukeseager](https://wordpress.org/support/users/lukeseager/) * (@lukeseager) * [1 year, 3 months ago](https://wordpress.org/support/topic/session-mixed-2/#post-18222013) * Hi, I’m going to close this thread as it’s been over a month without a reply. If you are still having issues, please open a new support request. Viewing 9 replies - 1 through 9 (of 9 total) The topic ‘[NSFW] Session Mixed’ is closed to new replies. * ![](https://ps.w.org/wp-persistent-login/assets/icon-256x256.jpg?rev=1847715) * [Persistent Login](https://wordpress.org/plugins/wp-persistent-login/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-persistent-login/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-persistent-login/) * [Active Topics](https://wordpress.org/support/plugin/wp-persistent-login/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-persistent-login/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-persistent-login/reviews/) ## Tags * [login](https://wordpress.org/support/topic-tag/login/) * [session](https://wordpress.org/support/topic-tag/session/) * [WordPress](https://wordpress.org/support/topic-tag/wordpress/) * 9 replies * 2 participants * Last reply from: [lukeseager](https://wordpress.org/support/users/lukeseager/) * Last activity: [1 year, 3 months ago](https://wordpress.org/support/topic/session-mixed-2/#post-18222013) * Status: resolved