Native PHP Sessions

Use native PHP sessions and stay horizontally scalable. Better living through superior technology.

Frequently updated
Very good! This plugin is actively maintained and the last update was released 1 days ago.
This plugin is tested with the last major release of WordPress
Content for list item
Compatible with the latest major PHP release
This plugin requieres PHP 7.4 or higher. The latest stable PHP 8.5.0 was released on 20 November 2025
No information about vulnerabilities and unfixed security issues is available.
Content for list item

Ratings

Active installs

10K

Total Downloads

1 M

Support Threads

Last updated

04 December 2025

Added

24 September 2014

Versions

9.43%82.05%8.52%

Version 1.2
Version 1.4
Version other

Rating

Based on 16 on WordPress.org

Download plugin Plugin website WordPress.org repository Support forum Plugin on WordPress.com

About Native PHP Sessions

WordPress core does not use PHP sessions, but sometimes they are required by your use-case, a plugin or theme.

This plugin implements PHP’s native session handlers, backed by the WordPress database. This allows plugins, themes, and custom code to safely use PHP $_SESSIONs in a distributed environment where PHP’s default tempfile storage just won’t work.

Note that primary development is on GitHub if you would like to contribute:

https://github.com/pantheon-systems/wp-native-php-sessions

Configuration

By default the session lifetime is set to 0, which is until the browser is closed.

To override this use the pantheon_session_expiration filter before the Native PHP Sessions plugin is loaded. For example a small Must-use plugin (a.k.a. mu-plugin) could contain:

<?php
function my_session_expiration_override() {
    return 60*60*4; // 4 hours
}
add_filter( 'pantheon_session_expiration', 'my_session_expiration_override' );<h3>CLI Commands</h3>

wp pantheon session add-index

Added in 1.4.0. This command should be run if your installation of the plugin occurred before the addition of the primary ID key to the session table in version 1.2.2. You will be automatically notified when you visit any admin page if this is the case. If there’s no message, your version is good to go. Note that this command is non-destructive, a new table will be created and the existing one preserved in a backup state until you have verified that the upgrade is functioning as expected.

wp pantheon session primary-key-finalize

Added in 1.4.0. If you have run the add-index command and have verified that the new table is functioning correctly, running the primary-key-finalize command will perform a database cleanup and remove the backup table.

wp pantheon session primary-key-revert

Added in 1.4.0. If you have run the add-index command and something unexpected has occurred, just run the primary-key-revert command and the backup table will immediately be returned to being the active table.

WordPress Multisite

As of 1.4.2 the add-index, primary-key-add and primary-key-revert commands are fully multisite compatible.

Contributing

See CONTRIBUTING.md for information on contributing.

Troubleshooting

If you see an error like “Fatal error: session_start(): Failed to initialize storage module:” or “Warning: ini_set(): A session is active.”, then you likely have a plugin that is starting a session before WP Native PHP Sessions is loading.

To fix, create a new file at wp-content/mu-plugins/000-loader.php and include the following:

<?php
if (file_exists(WP_PLUGIN_DIR . '/wp-native-php-sessions/pantheon-sessions.php')) {
    require_once WP_PLUGIN_DIR . '/wp-native-php-sessions/pantheon-sessions.php';
}

This mu-plugin will load WP Native PHP Sessions before all other plugins, while letting you still use the WordPress plugin updater to keep the plugin up-to-date.

Why not use another session plugin?

This implements the built-in PHP session handling functions, rather than introducing anything custom. That way you can use built-in language functions like the $_SESSION superglobal and session_start() in your code. Everything else will “just work”.

PHP’s fallback default functionality is to allow sessions to be stored in a temporary file. This is what most code that invokes sessions uses by default, and in simple use-cases it works, which is why so many plugins do it.

However, if you intend to scale your application, local tempfiles are a dangerous choice. They are not shared between different instances of the application, producing erratic behavior that can be impossible to debug. By storing them in the database the state of the sessions is shared across all application instances.

Please report security bugs found in the source code of the WP Native PHP Sessions plugin through the Patchstack Vulnerability Disclosure Program. The Patchstack team will assist you with verification, CVE assignment, and notify the developers of this plugin.

Why store them in the database?

Native PHP Sessions

Ratings

Active installs

Total Downloads

Support Threads

Last updated

Added

Versions

Rating

About Native PHP Sessions

Configuration

WordPress Multisite

Contributing

Troubleshooting

FAQ

Why not use another session plugin?

Why store them in the database?

Where do I report security bugs found in this plugin?

Changelog

1.4.5 (December 2025)

1.4.4 (September 17, 2025)

1.4.3 (November 13, 2023)

1.4.2 (November 8, 2023)

1.4.1 (October 23, 2023)

1.4.0 (October 17, 2023)

1.3.6 (June 1, 2023)

1.3.5 (April 7, 2023)

1.3.4 (February 7, 2023)

1.3.3 (January 25, 2023)

1.3.2 (January 25, 2023)

1.3.1 (December 5, 2022)

1.3.0 (November 28th, 2022)

1.2.5 (October 28, 2022)

1.2.4 (September 14th, 2021)

1.2.3 (April 9th, 2021)

1.2.2 (March 29th, 2021)

1.2.1 (September 17th, 2020)

1.2.0 (May 18th, 2020)

1.1.0 (April 23rd, 2020)

1.0.0 (March 2nd, 2020)

0.9.0 (October 14th, 2019)

0.8.1 (August 19th, 2019)

0.8.0 (August 13th, 2019)

0.7.0 (April 3rd, 2019)

0.6.9 (May 15th, 2018)

0.6.8 (May 4th, 2018)

0.6.7 (April 26th, 2018)

0.6.6 (March 8th, 2018)

0.6.5 (February 6th, 2018)

0.6.4 (October 10th, 2017)

0.6.3 (September 29th, 2017)

0.6.2 (June 6th, 2017)

0.6.1 (May 25th, 2017)

0.6.0 (November 23rd, 2016)

0.5

0.4

0.3

0.1

How to install Native PHP Sessions