Forcing PHP Sessions on all pages #52
Description
Using session_start() or ob_start() in your plugin without having it encapsulated in a function means that it will run on every single page load when your plugin is active. Sadly the way PHP Sessions work is they indicate the visitor using sessions is unique and should have a non-cached view of the website.
That means the use of sessions breaks server based caching such as nginx and Varnish. Those types of services are heavily used by managed WordPress hosts, which means your plugin may wind up prohibited on those hosts.
We would greatly prefer that not to happen for you, as it could be detrimental to your plugin’s adoption and user base.
Please remove this from your plugin, or put it only in the function that absolutely must have it.
If you cannot remove it, then you are required to document that use of your plugin may conflict with server based cache services, and you cannot support it’s use on those servers.
This is for your own protection.
Example(s) from your plugin:
includes/class-paybutton-public.php:263 session_start();
includes/class-paybutton-ajax.php:152 session_start();
includes/class-paybutton-ajax.php:190 session_start();
includes/class-paybutton-ajax.php:212 session_start();
paybutton.php:50 session_start();