I see the problem. We’ll have it fixed in the next release 👍
Hi there,
while running wp 6.5.2 with Captcha Code 3.1 i also get such messages in the backend.
I searched in all my plugin files for “session_start()” and found it at ~/wp-content/plugins/captcha-code-authentication/wpCaptcha.php on line 41 inside the class WP_Captcha_Code.
I researched to that particular message and found that german page:
https://www.viresist.org/wordpress-tutorials/kritische-warnung-eine-aktive-php-sitzung-wurde-erkannt-in-wordpress-erhalten/
in general it says: try to add the option “‘read_and_close’ => true” to it and see if it works.
from
if ( !session_id() ) {
@session_start();
}
to
if ( !session_id() ) {
@session_start(['read_and_close' => true]);
}
I changed it the hard way in your plugin-file and the message goes away.
EDIT: But then the Captcha gets bypassed on Login.
So maybe an also mentioned session_write_close(); sowehere else is needed.
kind regards
tom
Looks like you reinvented or still not fixed the issue – when i look at ~/wp-content/plugins/captcha-code-authentication/wpCaptcha.php on line 41 it still not fixed.
Hi,
i debugged that topic furthermore as the proposed solution stopped the registration page captcha from working.
so thats what i currently came up with:
if (!session_id()) {
if ( $GLOBALS['pagenow'] === 'wp-login.php' && ! empty( $_REQUEST['action'] ) && $_REQUEST['action'] === 'register' ) {
session_start();
} else {
@session_start(['read_and_close' => true]);
}
}
Thank you, we should have the update out this week 🙂
Hi,
meanwhile i noticed that my changes led to bypass the captcha on the login page (with wrong letters, empty field wont bypass) so i removed the action parameter condition entirely:
if (!session_id()) {
if ( $GLOBALS['pagenow'] === 'wp-login.php' ) {
session_start();
} else {
@session_start(['read_and_close' => true]);
}
}
So that solution maybe needs more testing on other occurances then on the login page. Is it used elsewhere or somehow for loggedin users?
We will have an update out soon that uses cookies instead of session so it should resolve all the issues in a better way.