Proper use of $_SESSION in WordPress/PHP/AJAX example
-1
I was wondering is this a proper way to use $_SESSION. My code is working fine, but I read a lot about how use of $_SESSION should be avoided, and how it's usage can make security holes in code, so I wanted to double-check my code here.
- In the beginning of the file, I am doing session_start();
- In the second step, I am getting array data from AJAX call, and saving it in $_SESSION variable
- In the third step, I am using data I added to $_SESSION variable in previous step, and doing unset on it in the end
- In the last step, I am doing session_destroy();
This is how it looks:
<?php
session_start();
if ( !class_exists( 'TBYB_public' ) ) {
class TBYB_public
{
public static function on_load()
{
add_action('plugins_loaded', array(__CLASS__, 'init'));
}
public static function init()
{
/* I am adding array data here to $_SESSION variable */
add_action('wp_ajax_return_reason', array(__CLASS__, 'select_return_reason'));
/* I am using data I added to $_SESSION variable in previous step, and doing unset on it in the end */
add_filter('woocommerce_get_cart_item_from_session', array(__CLASS__, 'update_cart_items_data'), 10, 3);
/* I am doing session_destroy(); here */
add_action('woocommerce_add_order_item_meta', array(__CLASS__, 'save_in_order_item_meta'), 10, 3);
/*
* Catch return reason sent by AJAX and save it to php session variable
* */
public static function select_return_reason()
{
$i = 0;
$return_reasons = array();
$cart_items = WC()->cart->get_cart();
foreach ($cart_items as $cart_item_key => $cart_item) {
array_push($return_reasons, tbyb_prepare($_POST[$cart_item_key]));
foreach ($return_reasons as $reason_key => $return_reason) {
if ($i == $reason_key) {
if (!$return_reason == '') {
$item_id = $cart_item['key'];
$_SESSION += [$item_id => $return_reason];
}
}
}
$i++;
}
wp_die();
}
/*
* Update cart items data
* */
public static function update_cart_items_data($item, $cart_item, $key)
{
if (isset($_SESSION[$key])) {
$item['return_data']['label'] = "<span class='tbyb-returned'>RETURNED</span> - Reason";
$item['return_data']['value'] = $_SESSION[$key];
unset($_SESSION[$key]);
}
return $item;
}
/*
* Save item custom fields label and value as order item meta data
* */
public static function save_in_order_item_meta($item_id, $values, $cart_item_key)
{
if (isset($values['return_data']) && ($values['return_data']['value'] !== 'Keep')) {
wc_add_order_item_meta($item_id, $values['return_data']['label'], $values['return_data']['value']);
}
session_destroy();
}
}
}
I was wondering is this a proper way to use $_SESSION in this WordPress/PHP/AJAX situation, and if not, what would be the better solution for this?
php ajax wordpress
asked Nov 27 '18 at 18:34
Tahi Reu
44
add a comment |
-1
I was wondering is this a proper way to use $_SESSION. My code is working fine, but I read a lot about how use of $_SESSION should be avoided, and how it's usage can make security holes in code, so I wanted to double-check my code here.
- In the beginning of the file, I am doing session_start();
- In the second step, I am getting array data from AJAX call, and saving it in $_SESSION variable
- In the third step, I am using data I added to $_SESSION variable in previous step, and doing unset on it in the end
- In the last step, I am doing session_destroy();
This is how it looks:
<?php
session_start();
if ( !class_exists( 'TBYB_public' ) ) {
class TBYB_public
{
public static function on_load()
{
add_action('plugins_loaded', array(__CLASS__, 'init'));
}
public static function init()
{
/* I am adding array data here to $_SESSION variable */
add_action('wp_ajax_return_reason', array(__CLASS__, 'select_return_reason'));
/* I am using data I added to $_SESSION variable in previous step, and doing unset on it in the end */
add_filter('woocommerce_get_cart_item_from_session', array(__CLASS__, 'update_cart_items_data'), 10, 3);
/* I am doing session_destroy(); here */
add_action('woocommerce_add_order_item_meta', array(__CLASS__, 'save_in_order_item_meta'), 10, 3);
/*
* Catch return reason sent by AJAX and save it to php session variable
* */
public static function select_return_reason()
{
$i = 0;
$return_reasons = array();
$cart_items = WC()->cart->get_cart();
foreach ($cart_items as $cart_item_key => $cart_item) {
array_push($return_reasons, tbyb_prepare($_POST[$cart_item_key]));
foreach ($return_reasons as $reason_key => $return_reason) {
if ($i == $reason_key) {
if (!$return_reason == '') {
$item_id = $cart_item['key'];
$_SESSION += [$item_id => $return_reason];
}
}
}
$i++;
}
wp_die();
}
/*
* Update cart items data
* */
public static function update_cart_items_data($item, $cart_item, $key)
{
if (isset($_SESSION[$key])) {
$item['return_data']['label'] = "<span class='tbyb-returned'>RETURNED</span> - Reason";
$item['return_data']['value'] = $_SESSION[$key];
unset($_SESSION[$key]);
}
return $item;
}
/*
* Save item custom fields label and value as order item meta data
* */
public static function save_in_order_item_meta($item_id, $values, $cart_item_key)
{
if (isset($values['return_data']) && ($values['return_data']['value'] !== 'Keep')) {
wc_add_order_item_meta($item_id, $values['return_data']['label'], $values['return_data']['value']);
}
session_destroy();
}
}
}
I was wondering is this a proper way to use $_SESSION in this WordPress/PHP/AJAX situation, and if not, what would be the better solution for this?
php ajax wordpress
asked Nov 27 '18 at 18:34
Tahi Reu
44
add a comment |
-1
-1
-1
I was wondering is this a proper way to use $_SESSION. My code is working fine, but I read a lot about how use of $_SESSION should be avoided, and how it's usage can make security holes in code, so I wanted to double-check my code here.
- In the beginning of the file, I am doing session_start();
- In the second step, I am getting array data from AJAX call, and saving it in $_SESSION variable
- In the third step, I am using data I added to $_SESSION variable in previous step, and doing unset on it in the end
- In the last step, I am doing session_destroy();
This is how it looks:
<?php
session_start();
if ( !class_exists( 'TBYB_public' ) ) {
class TBYB_public
{
public static function on_load()
{
add_action('plugins_loaded', array(__CLASS__, 'init'));
}
public static function init()
{
/* I am adding array data here to $_SESSION variable */
add_action('wp_ajax_return_reason', array(__CLASS__, 'select_return_reason'));
/* I am using data I added to $_SESSION variable in previous step, and doing unset on it in the end */
add_filter('woocommerce_get_cart_item_from_session', array(__CLASS__, 'update_cart_items_data'), 10, 3);
/* I am doing session_destroy(); here */
add_action('woocommerce_add_order_item_meta', array(__CLASS__, 'save_in_order_item_meta'), 10, 3);
/*
* Catch return reason sent by AJAX and save it to php session variable
* */
public static function select_return_reason()
{
$i = 0;
$return_reasons = array();
$cart_items = WC()->cart->get_cart();
foreach ($cart_items as $cart_item_key => $cart_item) {
array_push($return_reasons, tbyb_prepare($_POST[$cart_item_key]));
foreach ($return_reasons as $reason_key => $return_reason) {
if ($i == $reason_key) {
if (!$return_reason == '') {
$item_id = $cart_item['key'];
$_SESSION += [$item_id => $return_reason];
}
}
}
$i++;
}
wp_die();
}
/*
* Update cart items data
* */
public static function update_cart_items_data($item, $cart_item, $key)
{
if (isset($_SESSION[$key])) {
$item['return_data']['label'] = "<span class='tbyb-returned'>RETURNED</span> - Reason";
$item['return_data']['value'] = $_SESSION[$key];
unset($_SESSION[$key]);
}
return $item;
}
/*
* Save item custom fields label and value as order item meta data
* */
public static function save_in_order_item_meta($item_id, $values, $cart_item_key)
{
if (isset($values['return_data']) && ($values['return_data']['value'] !== 'Keep')) {
wc_add_order_item_meta($item_id, $values['return_data']['label'], $values['return_data']['value']);
}
session_destroy();
}
}
}
I was wondering is this a proper way to use $_SESSION in this WordPress/PHP/AJAX situation, and if not, what would be the better solution for this?
php ajax wordpress
asked Nov 27 '18 at 18:34
Tahi Reu
44
I was wondering is this a proper way to use $_SESSION. My code is working fine, but I read a lot about how use of $_SESSION should be avoided, and how it's usage can make security holes in code, so I wanted to double-check my code here.
- In the beginning of the file, I am doing session_start();
- In the second step, I am getting array data from AJAX call, and saving it in $_SESSION variable
- In the third step, I am using data I added to $_SESSION variable in previous step, and doing unset on it in the end
- In the last step, I am doing session_destroy();
This is how it looks:
<?php
session_start();
if ( !class_exists( 'TBYB_public' ) ) {
class TBYB_public
{
public static function on_load()
{
add_action('plugins_loaded', array(__CLASS__, 'init'));
}
public static function init()
{
/* I am adding array data here to $_SESSION variable */
add_action('wp_ajax_return_reason', array(__CLASS__, 'select_return_reason'));
/* I am using data I added to $_SESSION variable in previous step, and doing unset on it in the end */
add_filter('woocommerce_get_cart_item_from_session', array(__CLASS__, 'update_cart_items_data'), 10, 3);
/* I am doing session_destroy(); here */
add_action('woocommerce_add_order_item_meta', array(__CLASS__, 'save_in_order_item_meta'), 10, 3);
/*
* Catch return reason sent by AJAX and save it to php session variable
* */
public static function select_return_reason()
{
$i = 0;
$return_reasons = array();
$cart_items = WC()->cart->get_cart();
foreach ($cart_items as $cart_item_key => $cart_item) {
array_push($return_reasons, tbyb_prepare($_POST[$cart_item_key]));
foreach ($return_reasons as $reason_key => $return_reason) {
if ($i == $reason_key) {
if (!$return_reason == '') {
$item_id = $cart_item['key'];
$_SESSION += [$item_id => $return_reason];
}
}
}
$i++;
}
wp_die();
}
/*
* Update cart items data
* */
public static function update_cart_items_data($item, $cart_item, $key)
{
if (isset($_SESSION[$key])) {
$item['return_data']['label'] = "<span class='tbyb-returned'>RETURNED</span> - Reason";
$item['return_data']['value'] = $_SESSION[$key];
unset($_SESSION[$key]);
}
return $item;
}
/*
* Save item custom fields label and value as order item meta data
* */
public static function save_in_order_item_meta($item_id, $values, $cart_item_key)
{
if (isset($values['return_data']) && ($values['return_data']['value'] !== 'Keep')) {
wc_add_order_item_meta($item_id, $values['return_data']['label'], $values['return_data']['value']);
}
session_destroy();
}
}
}
I was wondering is this a proper way to use $_SESSION in this WordPress/PHP/AJAX situation, and if not, what would be the better solution for this?
php ajax wordpress
php ajax wordpress
asked Nov 27 '18 at 18:34
Tahi Reu
44
asked Nov 27 '18 at 18:34
Tahi Reu
44
asked Nov 27 '18 at 18:34
Tahi Reu
44
asked Nov 27 '18 at 18:34
Tahi Reu
44
asked Nov 27 '18 at 18:34
Tahi Reu
44
44
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["\$", "\$"]]);
});
});
}, "mathjax-editing");
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "196"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f208554%2fproper-use-of-session-in-wordpress-php-ajax-example%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
draft saved
draft discarded
Thanks for contributing an answer to Code Review Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f208554%2fproper-use-of-session-in-wordpress-php-ajax-example%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
