Session Login in wordpress

wordpress session
how to enable session in wordpress
wordpress session variables
session not working in wordpress
wordpress cookies
session start in wordpress
how to destroy session in wordpress
wordpress remember me cookie

I have a site and a wordpress blog at

I want my user to login at and $_SESSION['USERNAME'] is passed to

I just want to know, how can i automatically login the end user to wordpress blog, once they login to my main site.

For now i am passing $_SESSION['USERNAME'] and using a plugin external database login, which I have linked to my main site database.

Any function that is used to login to wordpress using session username will be helpful.

Wordpress don't use $_SESSIONyou need to code a plugin or to add some code to your functions.php to do this - cf

You should add something like this :

function init_sessions() {
    if (!session_id()) {
add_action('init', 'init_sessions');

NB: there is also a plugin to manage Sessions with Wordpress, maybe you can use/hack this

WordPress Cookies and PHP Sessions, is to add the following lines to wp-config. php before the call to wp-settings: if (! session_id()) session_start(); Get Instantly Notified of Multiple or Blocked WordPress Users Sessions. The WP Security Audit Log plugin uses two event IDs to keep a record of simultaneous sessions with the same username or blocked sessions. It uses: Event ID 1004 to keep a record of a blocked user session; Event ID 1005 to keep a lot of simultaneous sessions with the same username

I have been reading on this. Here is what I have found as I am in the same issue. In your wp-config.php file at the top add:

add_action('init', 'myStartSession', 1);
function myStartSession() {
    if(!session_id()) {

HOWEVER, " The data stored in the session doesn’t go away when the user logs out or logs into a different account. For that you need to destroy the session. ..." (exerpt from this nice write up). It explains you also need to:

function myEndSession() {
    session_destroy ();

Using the PHP Session in WordPress, installation the only thing you have to do is call session_start(); before any output is send to the client. Select the Login Logic as Block. Now user will have to wait for the other login sessions to expire before login from new device. How long a login session exist? How long the user needs to wait for new login? 🤔 That depends. If the “Remember Me” box is checked while login, WordPress will keep the user logged in for 14 days by default.

if you can get wp user_id you could do something like this:

function init_sessions() {
    if (user_logged_on_site) {
        $user_id = $_SESSION['wp_user_id']; //this has to be set when the user logs on your website 

        wp_set_auth_cookie( $user_id); //log in the user on wordpress
add_action('init', 'init_sessions');

Documentation on wp_set_auth_cookie

Enable $_SESSION in WordPress, variables again, session_start() has to be called. Note: You do not have to call session_destroy() from usual code. 1: In WordPress we are going to need to clear out the session once a user has logged out or a new user has logged into the website. We will use two provided actions, wp_logout and wp_login , to call a function we will create called end_session();

session_destroy - Manual, First answer this question: Why bypass the WordPress login/auth system? What's the end-game here? I would highly recommend against using  For more information, see Fix WordPress PHP Session Problems on Pantheon with a Script. Sessions and Scalability. Starting a session for every user is an application anti-pattern. Serving pages to users with sessions cannot be done out of a cache, so creating a session for every visitor inherently makes your application unscalable.

How to Check if User is Logged In WordPress (PHP Function), Once the plugin is installed, click the End all Sessions button on the plugin settings page to encourage users to login again and be kept logged in forever! WordPress sets a cookie in your browser to authenticate a login session. This cookie is set for the WordPress URL stored in your settings section. But if we are accessing from a URL that does not match the one in your WordPress settings, then WordPress will not be able to authenticate that session.

how to manage Session in Wordpress using custom login , Depending on how busy your WordPress site or multisite network is, you might have a variety of users who login and interact with your website. this is the better answer - wordpress sends headers before the header.php file is run, so starting the session there may still clash with the headers wordpress sends. Running it on init avoids that problem. – totallyNotLizards Feb 17 '16 at 9:36