• Resolved Anonymous User 21173398

    (@anonymized-21173398)


    There is a problem with the site health check after installing the plug-in.

    1. The session_start() function call generates a PHP session. This session interferes with REST API and loopback requests. The session must be closed by the session_write_close() function before any HTTP requests are made.

    2. The REST API is a way for WordPress and other applications to communicate with the server. For example, the block editor page relies on the REST API to display and save your pages and posts.

    While testing the REST API, an error occurred:

    REST API endpoint: https://example.xyz/wp-json/wp/v2/types/post?context=edit
    REST API response: (http_request_failed) cURL error 28: Operation timed out after 10000 milliseconds with 0 bytes received

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author WebFactory

    (@webfactory)

    I see the problem. We’ll have it fixed in the next release 👍

    Hi there,
    while running wp 6.5.2 with Captcha Code 3.1 i also get such messages in the backend.

    I searched in all my plugin files for “session_start()” and found it at ~/wp-content/plugins/captcha-code-authentication/wpCaptcha.php on line 41 inside the class WP_Captcha_Code.

    I researched to that particular message and found that german page:
    https://www.viresist.org/wordpress-tutorials/kritische-warnung-eine-aktive-php-sitzung-wurde-erkannt-in-wordpress-erhalten/

    in general it says: try to add the option “‘read_and_close’ => true” to it and see if it works.

    from

    if ( !session_id() ) {
      @session_start();
    }

    to

    if ( !session_id() ) {
      @session_start(['read_and_close' => true]);
    }

    I changed it the hard way in your plugin-file and the message goes away.

    EDIT: But then the Captcha gets bypassed on Login.

    So maybe an also mentioned session_write_close(); sowehere else is needed.

    kind regards
    tom

    Looks like you reinvented or still not fixed the issue – when i look at ~/wp-content/plugins/captcha-code-authentication/wpCaptcha.php on line 41 it still not fixed.

    Hi,

    i debugged that topic furthermore as the proposed solution stopped the registration page captcha from working.

    so thats what i currently came up with:

        if (!session_id()) {
    if ( $GLOBALS['pagenow'] === 'wp-login.php' && ! empty( $_REQUEST['action'] ) && $_REQUEST['action'] === 'register' ) {
    session_start();
    } else {
    @session_start(['read_and_close' => true]);
    }
    }
    Plugin Author Alexandru Tapuleasa

    (@talextech)

    Thank you, we should have the update out this week 🙂

    Hi,

    meanwhile i noticed that my changes led to bypass the captcha on the login page (with wrong letters, empty field wont bypass) so i removed the action parameter condition entirely:

        if (!session_id()) {
    if ( $GLOBALS['pagenow'] === 'wp-login.php' ) {
    session_start();
    } else {
    @session_start(['read_and_close' => true]);
    }
    }

    So that solution maybe needs more testing on other occurances then on the login page. Is it used elsewhere or somehow for loggedin users?

    Plugin Author Alexandru Tapuleasa

    (@talextech)

    We will have an update out soon that uses cookies instead of session so it should resolve all the issues in a better way.

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Site health issues’ is closed to new replies.