Plugin seems to be killing the session variable

Anti-spam plugin for WordPress
Michael Wendell
Posts: 3
Joined: 09 Feb 2017, 05:42
Has thanked: 0
Been thanked: 1 time

Plugin seems to be killing the session variable

Unread post by Michael Wendell » 09 Feb 2017, 06:04

Hello,

I just spent a day debugging an issue where the CleanTalk plugin seemed to be resetting our $_SESSION variables completely, causing the site to lose session state information.

A front-end engineer narrowed the problem down to CleanTalk specifically by simply disabling and re-enabling the plugin. He noticed that, if CleanTalk was enabled, our $_SESSION variables were in place and correct prior to the wp_footer() call, but immediately afterward the only variables in $_SESSION were [ct_formtime] and [ct_page_hits].

I investigated the plugin code and placed markers in the ct_init_session() function in /inc/cleantalk-comon.php. I found that each page load called it twice (both seemingly in wp_footer()), and that the first time through it properly retrieved the active session_id(), yet on the second pass the session_id() was blank, forcing the function to reset $_SESSION completely.

As a test, I commented out the bulk of the ct_init_session() function, leaving just the return null. When this was done the CleanTalk variables were properly added to $_SESSION, and the $_SESSION also retained our custom variables. However, I did not feel that it was a good long-term solution on our end to modify your plugin, so I disabled this fix. In the end I chose to grab all of our $_SESSION data prior to wp_footer(), and restore it to $_SESSION immediately after.

So I guess my question is this... have you seen this issue anywhere? Do you have any idea what the nature of the issue is? And if this is something you have seen, can we expect a fix in a future update?

The site in question is running Wordpress 4.6.1 on NGINX with PHP 5.6.30, and the very latest version of CleanTalk as of today; 5.57.1. We also implement caching using the latest version of W3 Total Cache, as well as a Rackspace CDN.

Thanks,
m.
These users thanked the author Michael Wendell for the post:
SergeM (09 Feb 2017, 22:13)
Rating: 50%

ArtyomDavydov
Posts: 37
Joined: 18 Nov 2016, 10:38
Has thanked: 0
Been thanked: 4 times

Re: Plugin seems to be killing the session variable

Unread post by ArtyomDavydov » 09 Feb 2017, 13:23

Hello Michael,

Thank you very much for your great feedback! We're planing to release a bug fix tomorrow.

Also, you can send us your account name or website and we are gladly give you free months for your research.

You can contact us via:
1) forum
2) support ticket (https://cleantalk.org/my/support)
3) welcome@cleantalk.org

Best regards.

User avatar
Roman
Posts: 103
Joined: 13 Jan 2016, 08:31
Has thanked: 0
Been thanked: 6 times

Re: Plugin seems to be killing the session variable

Unread post by Roman » 10 Feb 2017, 11:57

Hello,

We couldn't locate the problem however we have made fix which could help you. Please, install the plugin from here: https://downloads.wordpress.org/plugin/ ... rotect.zip

Thank you so much for the feedback! Let us know the results.
Roman Safronov
Technical Support

Michael Wendell
Posts: 3
Joined: 09 Feb 2017, 05:42
Has thanked: 0
Been thanked: 1 time

Re: Plugin seems to be killing the session variable

Unread post by Michael Wendell » 14 Feb 2017, 03:58

Hi Roman,

Thanks so much for the fast response to the issue. Sorry to hear you couldn't find it, it's possible that it's a conflict with another plugin I guess.

I had to fix the issue before I heard back from you, so I simply grabbed the $_SESSION information prior to the wp_footer() call and then stuffed it back into the session right afterward. I downloaded the fix file you linked to though, and will test that as well. My concern, as always, will be that later upgrades may wipe out this patch, so I may end up just keeping my kluge in place for the time being.

Also, the client appreciates your offer of free months for the research, and I appreciate you helping to make the client happy. I've emailed the client's account information to welcome@cleantalk.org.

Thanks again!
m.

User avatar
SergeM
Posts: 113
Joined: 27 May 2016, 08:05
Has thanked: 10 times
Been thanked: 8 times
Contact:

Re: Plugin seems to be killing the session variable

Unread post by SergeM » 14 Feb 2017, 06:53

Hello.

We have received your mail and will add bonus months soon.

Thank you for informing us about your observations and explanations.

Contact us any time.

Best wishes.
———————
Technical Support
https://CleanTalk.org — Anti-Spam Modules for all CMS

User avatar
Roman
Posts: 103
Joined: 13 Jan 2016, 08:31
Has thanked: 0
Been thanked: 6 times

Re: Plugin seems to be killing the session variable

Unread post by Roman » 14 Feb 2017, 09:31

Hello,

Did you try to install the version i have sent you?
I think it' s gonna work.

Please, contact us.
Roman Safronov
Technical Support

Michael Wendell
Posts: 3
Joined: 09 Feb 2017, 05:42
Has thanked: 0
Been thanked: 1 time

Re: Plugin seems to be killing the session variable

Unread post by Michael Wendell » 03 Mar 2017, 18:04

Hi Roman,

I downloaded the new version, but have not installed it. As I mentioned, I implemented an external fix, just grabbing the session variables prior to the wp_footer() function, and then reinserting them into the session immediately after wp_footer() runs. This is working.

My concern about the fix you offered was that it might be deprecated if we upgrade to a subsequent Cleantalk version. If the change will be instituted in a future version of the plugin itself, then I will wait until that point to install it.

Thank you very much though.
m.

User avatar
SergeM
Posts: 113
Joined: 27 May 2016, 08:05
Has thanked: 10 times
Been thanked: 8 times
Contact:

Re: Plugin seems to be killing the session variable

Unread post by SergeM » 06 Mar 2017, 08:45

Hello.

Yes, the fix is applied to the new version and will stay further.

Please, update the plugin when its new version is available.

Contact us any time.

Kind regards.
———————
Technical Support
https://CleanTalk.org — Anti-Spam Modules for all CMS

Post Reply