Title: User session
Last modified: August 24, 2016

---

# User session

 *  Resolved [ampli](https://wordpress.org/support/users/ampli/)
 * (@ampli)
 * [11 years ago](https://wordpress.org/support/topic/user-session-1/)
 * It seems that the user session set by NinjaFirewall was not found by the firewall
   script. You may get blocked by the firewall while working from the WordPress 
   administration dashboard.
 * Though still I have _not_ been blocked even once.
 * [https://wordpress.org/plugins/ninjafirewall/](https://wordpress.org/plugins/ninjafirewall/)

Viewing 15 replies - 1 through 15 (of 18 total)

1 [2](https://wordpress.org/support/topic/user-session-1/page/2/?output_format=md)
[→](https://wordpress.org/support/topic/user-session-1/page/2/?output_format=md)

 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [11 years ago](https://wordpress.org/support/topic/user-session-1/#post-6176804)
 * Hi,
 * Does this message appears permanently or randomly ? For instance, if you reload
   the firewall “Overview” page, it is still there ?
 *  Thread Starter [ampli](https://wordpress.org/support/users/ampli/)
 * (@ampli)
 * [11 years ago](https://wordpress.org/support/topic/user-session-1/#post-6176805)
 * yes it remains there even after reloading
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [11 years ago](https://wordpress.org/support/topic/user-session-1/#post-6176806)
 * Can you upload this PHP script to your WordPress document root:
 *     ```
       <?php
       if (! session_id() ) {
          session_start();
          echo 'Starting session.<br />';
       } else {
          echo 'Session was already started.<br />';
       }
       echo 'Checking "nfw_goodguy" session flag: ';
       if ( empty($_SESSION['nfw_goodguy'])) {
          echo ' ERROR: not found.';
       } else {
          echo ' OK, found it.';
       }
       ?>
       ```
   
 * Then go to http:/ /yoursite/thisscript.php and paste here the results.
 *  Thread Starter [ampli](https://wordpress.org/support/users/ampli/)
 * (@ampli)
 * [11 years ago](https://wordpress.org/support/topic/user-session-1/#post-6176807)
 *     ```
       Session was already started.
       Checking "nfw_goodguy" session flag: ERROR: not found.
       ```
   
 * This is the result
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [11 years ago](https://wordpress.org/support/topic/user-session-1/#post-6176809)
 * Create another PHP script with the following lines, and save it as info.php:
 *     ```
       <?php
       phpinfo();
       ?>
       ```
   
 * Then run it and paste here the values of:
 * session.cache_expire
    session.gc_maxlifetime session.use_cookies session.save_handler
   session.save_path
 *  Thread Starter [ampli](https://wordpress.org/support/users/ampli/)
 * (@ampli)
 * [11 years ago](https://wordpress.org/support/topic/user-session-1/#post-6176810)
 * local value Master value
    session.cache_expire 180 180 session.gc_maxlifetime
   1440 1440 session.use_cookies on on session.save_handler files files session.
   save_path /tmp /tmp
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [11 years ago](https://wordpress.org/support/topic/user-session-1/#post-6176811)
 * That looks fine.
    Some other suggestions:
 * 1. It could be an issue with canonical domain:
    See [https://wordpress.org/support/topic/sessions-not-working-tried-everything](https://wordpress.org/support/topic/sessions-not-working-tried-everything)
   2. If ‘session.cookie_domain’ is set, ensure it uses the correct domain name.
   It is better to leave it blank. 3. You have a caching plugin. 4. You are running
   PHP 5.3 with ‘register_globals’ enabled.
 *  Thread Starter [ampli](https://wordpress.org/support/users/ampli/)
 * (@ampli)
 * [11 years ago](https://wordpress.org/support/topic/user-session-1/#post-6176812)
 * 1.I will look into it
    2. session.cookie_domain – no value 3. it was working 
   fine before with caching plugin – I will try disabling and activating it again.
   4. its 5.4
 *  Thread Starter [ampli](https://wordpress.org/support/users/ampli/)
 * (@ampli)
 * [11 years ago](https://wordpress.org/support/topic/user-session-1/#post-6176944)
 * I couldn’t find the problem for now.
 * so will this cause any serious problem like allowing attacks ?
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [11 years ago](https://wordpress.org/support/topic/user-session-1/#post-6176949)
 * Hi
 * This does not make any problem with the site security.
 * The only issue is that, because you – the admin – are not whitelisted, you could
   be blocked by the firewall when working from the admin dashboard.
    For instance,
   if you edited some an article and inserted some Javascript code, the firewall
   could block you because it would think this is a XSS attack. In most cases, it
   is just a minor annoyance for you.
 *  Thread Starter [ampli](https://wordpress.org/support/users/ampli/)
 * (@ampli)
 * [11 years ago](https://wordpress.org/support/topic/user-session-1/#post-6176952)
 * oh ok thanks for your usual quick support 🙂
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [11 years ago](https://wordpress.org/support/topic/user-session-1/#post-6176962)
 * I forgot to mention in my previous message, that the “Live Log” feature may not
   work if you have issue with PHP session.
    Did you try it? Does it work?
 *  Thread Starter [ampli](https://wordpress.org/support/users/ampli/)
 * (@ampli)
 * [11 years ago](https://wordpress.org/support/topic/user-session-1/#post-6176963)
 * live log is not working
 * “Error: Live Log did not receive the expected response from your server:”
 *  Thread Starter [ampli](https://wordpress.org/support/users/ampli/)
 * (@ampli)
 * [11 years ago](https://wordpress.org/support/topic/user-session-1/#post-6176964)
 * off-topic:-
 * can your firewall be compared with modsecurity ?
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [11 years ago](https://wordpress.org/support/topic/user-session-1/#post-6176965)
 * If Live Log is not working it is clearly a PHP session issue on your side. You
   may need to check with your host or admin about that.
 * NinjaFirewall can be compared to ModSecurity and also the PHP Suhosin extension(
   both are very good module/extension) The main differences are:
    -ModSecurity 
   and Suhosin require root access to be installed and setup. NinjaFirewall does
   not, and can be setup at the user level. -ModSecurity hooks at a lower level (
   HTTP server), and NinjaFirewall at the PHP level. That is not too much a problem
   with WordPress because it is all written in PHP.

Viewing 15 replies - 1 through 15 (of 18 total)

1 [2](https://wordpress.org/support/topic/user-session-1/page/2/?output_format=md)
[→](https://wordpress.org/support/topic/user-session-1/page/2/?output_format=md)

The topic ‘User session’ is closed to new replies.

 * ![](https://ps.w.org/ninjafirewall/assets/icon-256x256.png?rev=976137)
 * [NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall](https://wordpress.org/plugins/ninjafirewall/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/ninjafirewall/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/ninjafirewall/)
 * [Active Topics](https://wordpress.org/support/plugin/ninjafirewall/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/ninjafirewall/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/ninjafirewall/reviews/)

 * 18 replies
 * 2 participants
 * Last reply from: [ampli](https://wordpress.org/support/users/ampli/)
 * Last activity: [11 years ago](https://wordpress.org/support/topic/user-session-1/page/2/#post-6176969)
 * Status: resolved