views:

1309

answers:

3

I'm putting up a site using Wordpress and I'd like to piggyback on its sessions. But I'm not finding any plugins, or even documentation. Any suggestions or references before I start hacking it?

A: 

Wordpress doesn't seem to use any sessions.

The best way to go about it is to use the action hooks it provides.

Anraiki
+2  A: 

For what I need to do, the best answer involves:

  1. To allow the cookie for wordpress to persist across subdomains, install the Root Cookie plugin.
  2. sub1.domain.com has wordpress; sub2.domain.com is another site. From the other site (sub2), I read the cookies to identify who the user is and if the user is logged in

My cookies are as follows:

[wordpress_909bb230b32f5f0473202684d863b2e0] => mshaffer|1255298821|d0249fced9c323835c5bf7e84ad3ffea
[wordpress_logged_in_909bb230b32f5f0473202684d863b2e0] => mshaffer|1255298821|56e9c19541ecb596a1fa0995da935700

Using PHP, I can loop over the cookies, parse the key=>value pairs. These cookies let me know that [mshaffer] has a cookie stored on wordpress, and also is authenticated as logged_in. The expiry of the cookie is 1255298821.

In sub2, I can query the database of wordpress and grab the user info:

SELECT * FROM wp_users WHERE user_login = 'mshaffer' ... grab user_id,user_email from this query

SELECT * FROM wp_usermeta WHERE user_id = '$user_id' ... grab lots of other data from wp

With this info, I can add to my sub2 session variable / cookie and do what I want with the data. I can identify if I am logged in, and my username ... which let's me grab lots of different data. I can now use WordPress authentication in my sub2.domain.com and redirect accordingly.

monte

{x:

mshaffer
+2  A: 

have you seen this? http://www.thinkingoutloud.co.za/content/20091012/php_wordpress_and_session

wordpress doesn;t appear to call session_start() because it wants to be stateless and if register_globals is defined, it automatically destroys your $_SESSION

Steve
Thanks - from that I learned that you can call session_start() yourself in wp_config, which won't be overwritten by updates. But better than that, I'm using wp_config to instantiate a singleton instance of a "Context" class I'm using to hold a bunch of stuff I'm adding (including e.g. extended user auth tables etc.), and it can call session_start(). Your reference clarified it for me. (Now I need to maintain wp_settings with his patch to retain $_SESSION, or else use the consolidated "$input" array. Or let "Context" maintain and update the session variables.) I hate it when they do that.
le dorfier