Hey Guys,
I wonder why WPforo doesn't destroy/close all sessions after logout?
I have added a screenshot; Before, after login, and after logged-out.
Thanks.
Hi @beyondforce,
WordPress and wpForo don't use session for login and logout. wpForo is based on WordPress cookie authorization. There is no any information on PHP session about login users. Because the PHP session is only used for Error and Action messages in top right corner of your website. This is the only reason why wpForo initiate and use the sessions. It doesn't have any relation to authorization functions so it's not descried when you logout. The logout process is being done by WordPress core functions, which just remove cookie based information. Again, the PHP session is not used for login status.
More info: https://www.securitysift.com/understanding-wordpress-auth-cookies/
Hey @martin,
Thanks for your reply.
I'm asking about it because before the user login, it receives a cache version of my site and the site loads very fast (400-600ms).
When a user is logged-in, there is no more cache and the site is loading slower (as expected).
But, after the user is logged-out, the site keeps loading slow. My hosting supports are saying "In order to return to server caching responses, the PHP session cookies need to be cleared out."
I'm trying to figure out what blocks the browser to return to server caching after logout.
I'm using ARmember as well for user registration and login, so it might be this plugin that blocks the server cache.
Thanks again.
Cheers / Ben
Ok, I see. But as always we recommend exclude wpForo from your cache plugins
The issue of login/logout is also related to cache plugins. Not only cache plugins, but also cache systems of hostings. If you use cache plugin please read this support topics:
- https://wpforo.com/community/faq/wpforo-and-cache-plugins/
- https://wpforo.com/community/faq/login-problem-menu-is-not-changed-and-weird-logged-in-behaviour/
And yes, we're going to remove the session from wpForo even if it only working for top-right corner messages and action notifications. We'll totally remove this session function from wpForo in upcoming versions. But at this moment, we recommend exclude wpForo forum home page from your caching systems.
I'm ONLY using server caching and I have no other cache plugins!
WPforo page is also excluded from the cache, but this problem is affecting all my site's pages.
My hosing and I are not sure yet where the problem is, but your future solution to remove this session function from wpForo in the upcoming versions sounds good.
Are we talking about months or weeks?
Ben.
You can test it right now.
Just open this file:
/wp-content/plugins/wpforo/wpf-includes/class-notices.php
Find this code:
private function init(){
if( !wpforo_is_session_started() && ( !is_admin() || (!empty($_GET['page']) && strpos($_GET['page'], 'wpforo-') !== false ) || (wpforo_is_ajax() && !empty($_POST['action']) && false !== strpos($_POST['action'], 'wpforo')) )) session_start();
}
Change it to this:
private function init(){
//if( !wpforo_is_session_started() && ( !is_admin() || (!empty($_GET['page']) && strpos($_GET['page'], 'wpforo-') !== false ) || (wpforo_is_ajax() && !empty($_POST['action']) && false !== strpos($_POST['action'], 'wpforo')) )) session_start();
}
Don't forget to close all tabs of browsers, then close it and open again when you test it. Closing browser with all tabs will delete the session.
I always do that!
Well, I just tested it and it didn't make a difference. I can give you access to my site if you want to check it out?
We've nothing to check, because the only point it may be related to wpForo is the function I asked you to change. There is no any other relation to wpForo, so we don't have any point to check.