Give 2.2.0 – Revamp Session

In Give version 2.2.0, we are updating how Give stores and handles sessions. The issue with the pre-2.2.0 Give_Session class is that it sets a cookie on each page load. This means it is difficult to fully cache a page with a donation form embedded on it. For some sites this can be every page. This issue causes slowness and makes it more difficult to use Give in a high traffic environment where caching is a necessity.

To fix the issue with the existing session we changed the session code base with backward compatibility. You can read the discussion in detail: We have thoroughly tested the new session handling method with multiple hosting environments, WordPress caching plugins and server caching systems. Read more about it:

A few important points of the new session codebase:

  1. Donor session data stores permanently in the database  in `{wpdb_prefix}_give_sessions` table.
  2. Registered Donor session data will automatically delete when the donor logs out.
  3. Guest/Registered donor expired session data will be automatically deleted daily.
  4. The Donor’s session starts when give_process_donation_after_validation action hook is fired. This hook fires after field validation completes upon form submission (more specifically, after AJAX validation completes).
  5. A unique ID will be assigned to each donor when the session starts.
  6. Any existing nonce will be expired after session start for a guest donor because we are using a unique donor id to generate the nonce.

We deprecated the following constant, params and methods within Give_Session since we are storing donor session in the database instead of using PHP sessions:

  1. Deprecated GIVE_USE_PHP_SESSIONS because we are not using PHP session
  2. Deprecated use_php_sessions function (related to point 1). This function returns false with a warning which stores in debug.log if WP_DEBUG is enabled.
  3. Deprecated should_start_session function because the session will only start if the donor is processing donation instead of each page.
  4. Deprecated set_expiration_variant_time because we are internally handling cookie expiration.
  5. Deprecated get_id function (related to point 1)

Note: If you want to start the session before Give core then you have to update all nonce in donation form otherwise you will get a “nonce verification failed” notice. To do this you can use maybe_start_session of Give_Session class function to start the session manually and Give.form.fn.resetAllNonce javascript function to reset all nonces.

Important: There are a number of add-on updates that are releasing alongside Core 2.2.0 which needed to be updated to account for the new method of handling sessions. Please update your add-ons to the latest version for full compatibility.

If you notice any issues please feel free to create an issue on GitHub. Thanks! 🙂


Ravinder Kumar

Open source lover, the father of a daughter, continually improving developer, and Senior WordPress Engineer at GiveWP.


Leave a Comment