Select Page

Sessions
Changelog

All notable changes to Sessions are documented in this changelog.

The format is based on Keep a Changelog, and Sessions adheres to Semantic Versioning.

[3.1.1] - 2024-12-11

Fixed

  • [SEC006] XSS vulnerability.

[3.1.0] - 2024-11-22

Added

  • Compatibility with WordPress 6.6 & 6.7.

Changed

  • Ability to self-update from Github.
  • The plugin user agent is now more consistent and "standard".

Fixed

  • There's a WordPress core "feature" which causes some PII to leak (to wp.org) during plugin and theme updates. This is no more the case for this plugin.
  • In some cases, a WordPress notice can be triggered concerning the loading sequence of translations.

Removed

  • Test site launching from wordpress.org plugin page.
  • All Databeam hooks and libraries, as the Databeam project is abandoned.
  • Dependency on wp.org for updates.

[3.0.1] - Not Yet Released

Changed

  • Better rendering for advanced settings.

[3.0.0] - 2024-05-28

Added

  • [BC] To enable installation on more heterogeneous platforms, the plugin now adapts its internal logging mode to already loaded libraries.

Changed

  • Updated DecaLog SDK from version 4.1.0 to version 5.0.0.

Fixed

  • PHP error with some plugins like Woocommerce Paypal Payments.

[2.14.0] - 2024-05-07

Changed

  • The plugin now adapts its requirements to the PSR-3 loaded version.

[2.13.3] - 2024-05-04

Fixed

  • PHP error when DecaLog is not installed.

[2.13.2] - 2024-05-04

Fixed

  • PHP error when DecaLog is not installed.

[2.13.1] - 2024-05-04

Changed

  • Updated DecaLog SDK from version 3.0.0 to version 4.1.0.
  • Minimal required WordPress version is now 6.2.

[2.13.0] - 2024-03-02

Added

  • Compatibility with WordPress 6.5.

Changed

  • Minimal required WordPress version is now 6.1.
  • Minimal required PHP version is now 8.1.

[2.12.0] - 2023-10-25

Added

  • Compatibility with WordPress 6.4.

Fixed

  • With PHP 8.2, in some edge cases, deprecation warnings may be triggered when viewing analytics.

[2.11.0] - 2023-07-12

Added

  • Compatibility with WordPress 6.3.

Changed

  • The color for shmop test in Site Health is now gray to not worry to much about it (was previously orange).

[2.10.0] - 2023-04-28

Added

  • New blocking type "fallback page" to redirect user when he/she is not authorized to login (thanks to drmustafa1).

Changed

  • Improved speed of sessions lookup on large WordPress users base.
  • Improved messages handling.
  • Details added (in the UI) about allowing logins from all/public/private IP ranges.

[2.9.1] - 2023-03-02

Fixed

[2.9.0] - 2023-02-24

The developments of PerfOps One suite, of which this plugin is a part, is now sponsored by Hosterra.

Hosterra is a web hosting company I founded in late 2022 whose purpose is to propose web services operating in a European data center that is water and energy efficient and ensures a first step towards GDPR compliance.

This sponsoring is a way to keep PerfOps One plugins suite free, open source and independent.

Added

  • Compatibility with WordPress 6.2.

Changed

  • Improved loading by removing unneeded jQuery references in public rendering (thanks to Kishorchand).

Fixed

  • In some edge-cases, detecting IP may produce PHP deprecation warnings (thanks to YR Chen).

[2.8.0] - 2022-10-06

Added

  • Compatibility with WordPress 6.1.
  • [WPCLI] The results of wp sessions commands are now logged in DecaLog.

Changed

  • Improved ephemeral cache in analytics.
  • [WPCLI] The results of wp sessions commands are now prefixed by the product name.

Fixed

[2.7.0] - 2022-04-20

Added

  • Compatibility with WordPress 6.0.

Changed

  • Site Health page now presents a much more realistic test about object caching.
  • Updated DecaLog SDK from version 2.0.2 to version 3.0.0.

Fixed

[2.6.2] - 2022-01-17

Fixed

  • The Site Health page may launch deprecated tests.

[2.6.1] - 2022-01-17

Fixed

  • There may be name collisions with internal APCu cache.
  • An innocuous Mysql error may be triggered at plugin activation.

[2.6.0] - 2021-12-28

Added

  • Compatibility with PHP 8.1.
  • New option to delete all sessions of users resetting their passwords (thanks to mrdexters1 for the suggestion).

Changed

  • Charts allow now to display more than 2 months of data.
  • Improved timescale computation and date display for all charts.
  • Refactored cache mechanisms to fully support Redis and Memcached.
  • Bar charts have now a resizable width.
  • Updated DecaLog SDK from version 2.0.0 to version 2.0.2.
  • Updated PerfOps One library from 2.2.1 to 2.2.2.
  • Improved bubbles display when width is less than 500px (thanks to Pat Ol).
  • The tables headers have now a better contrast (thanks to Paul Bonaldi).

Fixed

  • Object caching method may be wrongly detected in Site Health status (thanks to freshuk).
  • The console menu may display an empty screen (thanks to Renaud Pacouil).

[2.5.0] - 2021-12-07

Added

  • Compatibility with WordPress 5.9.
  • New button in settings to install recommended plugins.
  • The available hooks (filters and actions) are now described in HOOKS.md file.

Changed

  • Improved update process on high-traffic sites to avoid concurrent resources accesses.
  • Better publishing frequency for metrics.
  • [BC] The filter perfopsone_advanced_controls has been renamed in perfopsone_show_advanced for consistency reasons.
  • X axis for graphs have been redesigned and are more accurate.
  • Updated labels and links in plugins page.
  • Updated the README.md file.

Fixed

  • Country translation with i18n module may be wrong.
  • Plugin's advanced settings are not translatable.

[2.4.1] - 2021-09-20

Changed

  • The sessions list now displays all users' roles (thanks to ShamiraO).

Fixed

  • [SEC002] In some cases, "cumulative privileges" maybe interpreted as "least privileges" (thanks to ShamiraO).
  • With multiple roles per user, session idle time (when less than one hour) may be wrongly computed.

[2.4.0] - 2021-09-07

Added

  • It's now possible to hide the main PerfOps One menu via the poo_hide_main_menu filter or each submenu via the poo_hide_analytics_menu, poo_hide_consoles_menu, poo_hide_insights_menu, poo_hide_tools_menu, poo_hide_records_menu and poo_hide_settings_menu filters (thanks to Jan Thiel).

Changed

  • Updated DecaLog SDK from version 1.2.0 to version 2.0.0.
  • Improved message in case there's no session to delete.

Fixed

  • There may be name collisions for some functions if version of WordPress is lower than 5.6.
  • The main PerfOps One menu is not hidden when it doesn't contain any items (thanks to Jan Thiel).
  • In some very special conditions, the plugin may be in the default site language rather than the user's language.
  • The PerfOps One menu builder is not compatible with Admin Menu Editor plugin (thanks to dvokoun).

[2.3.1] - 2021-08-11

Changed

Fixed

  • In some conditions, the plugin may be in the default site language rather than the user's language.

[2.3.0] - 2021-06-22

Added

  • Compatibility with WordPress 5.8.
  • Integration with DecaLog SDK.
  • Traces and metrics collation and publication.
  • It's now possible to customize messages in case of forbidden access (thanks to Jon Cuevas).
  • New option, available via settings page and wp-cli, to disable/enable metrics collation.

Changed

  • It's now possible to set an idle time of 15, 30 and 45 minutes (thanks to pgray).
  • Improved internal IP detection: support for cloud load balancers.
  • It's now possible to set from 1 to 9 sessions per user.
  • [WP-CLI] sessions status command now displays DecaLog SDK version too.

Fixed

[2.2.0] - 2021-02-24

Added

  • Compatibility with WordPress 5.7.
  • New values and more granularity for cookie durations and idle timeouts.

Changed

  • Consistent reset for settings.
  • Improved translation loading.
  • [WP_CLI] sessions command have now a definition and all synopsis are up to date.

Fixed

  • In Site Health section, Opcache status may be wrong (or generates PHP warnings) if OPcache API usage is restricted.

[2.1.0] - 2020-12-03

Added

  • Compatibility with WPS Hide Login.
  • Compatibility with Loginizer.
  • Compatibility with LifterLMS.

Fixed

  • Sorting sessions by "idle" field may produce errors.
  • Limiter may fail to limit with some early-initializer plugins (thanks to vadimfish).

[2.0.0] - 2020-11-28

Added

  • [WP-CLI] New command to manage active sessions: see wp help sessions active for details.
  • [WP-CLI] New command to set role operation mode: see wp help sessions mode for details.
  • [WP-CLI] New command to toggle on/off main settings: see wp help sessions settings for details.
  • [WP-CLI] New command to display Sessions status: see wp help sessions status for details.
  • [WP-CLI] New command to display Sessions: see wp help sessions analytics for details.
  • Privileges computation can be set as 'cumulative' or 'least' on sites using multiple roles per users. May be a breaking change if you're in this case, please verify your settings.
  • New failsafe for auth_cookie_expired hook to avoid infinite loops.
  • New Site Health "info" section about shared memory.
  • Compatibility with WordPress 5.6.

Changed

  • The analytics dashboard now displays a warning if analytics features are not activated.
  • Improvement in privileges computation and enforcement.
  • Improvement in the way roles are detected.
  • Improved layout for language indicator.
  • If GeoIP support is not done via IP Locator, the flags are now correctly downgraded to emojis.
  • Anonymous proxies, satellite providers and private networks are now fully detected when IP Locator is installed.
  • Admin notices are now set to "don't display" by default.
  • Improved IP detection (thanks to Ludovic Riaudel).
  • Improved changelog readability.
  • The integrated markdown parser is now Markdown from Carsten Brandt.
  • Prepares PerfOps menus to future versions.

Fixed

  • [SEC001] User may be wrongly detected in XML-RPC or Rest API calls.
  • The remote IP can be wrongly detected when behind some types of reverse-proxies.
  • The count of cleaned sessions may be wrong when "Delete All Sessions" is used.
  • In admin dashboard, the statistics link is visible even if analytics features are not activated.
  • With Firefox, some links are unclickable in the Control Center (thanks to Emil1).
  • When site is in english and a user choose another language for herself/himself, menu may be stuck in english.
  • Some graph labels are wrong.
  • The analytics page contains unclosed HTML tags.

Removed

  • Parsedown as integrated markdown parser.
  • Strict vs. permissive mode "feature" as the plugin is now pretty stable.

[1.2.0] - 2020-08-27

Added

  • Compatibility with WordPress 5.5.
  • Enhanced compatibility with Jetpack SSO.
  • Support for data feeds - reserved for future use.

Changed

  • The positions of PerfOps menus are pushed lower to avoid collision with other plugins (thanks to Loïc Antignac).

Fixed

  • There's a PHP warning when an admin log in for the first time.
  • While connecting via SSO, cookie durations may be wrongly computed.

Removed

  • Support for the "Block and send a WordPress error" method when Jetpack SSO is used (because Jetpack SSO can't handle it).

[1.1.4] - 2020-06-29

Changed

  • In sessions list (tools), clicking on the user name now redirects to its profile edit page.
  • Full compatibility with PHP 7.4.
  • Automatic switching between memory and transient when a cache plugin is installed without a properly configured Redis / Memcached.

Fixed

  • When a session is already expired, the time detail in sessions list may be blank.

[1.1.3] - 2020-05-22

Changed

  • KPI for active sessions is now a ratio.
  • Better consistency between KPI and chart for active sessions.
  • Better consistency between KPI and chart for cleaned sessions.
  • Better precision for cleaned sessions breakdown.

[1.1.2] - 2020-05-15

Changed

  • Supports now Wordfence alerting system inconsistency.

Fixed

  • When used for the first time, settings checkboxes may remain checked after being unchecked.
  • When Wordfence locks out an account, a warning maybe wrongly sent to DecaLog.

[1.1.1] - 2020-05-05

Changed

  • Expired sessions cookies are now counted as cleaned sessions.

Fixed

  • There's an error while activating the plugin when the server is Microsoft IIS with Windows 10.
  • The counted deleted user may be wrong in KPIs.
  • Batch sessions deletion are wrongly counted.
  • With Microsoft Edge, some layouts may be ugly.

[1.1.0] - 2020-04-12

Added

  • It's now possible to set the maximum number of IP addresses per user.
  • It's now possible to override the (weak) WordPress IP detection (this setting is strongly recommended).
  • It's now possible to refresh IP when a session is resumed (this setting is strongly recommended).
  • Now compatible with Jetpack SSO.
  • Now compatible with Next Active Directory Integration SSO.
  • Compatibility with DecaLog early loading feature.
  • Full integration with IP Locator.
  • Integration with Wordfence.
  • Partial compatibility with miniOrange SAML SSO.

Changed

  • Active sessions deleted by an admin are now counted as cleaned sessions.
  • In site health "info" tab, the boolean are now clearly displayed.
  • Better display of KPIs when there's no (or not yet) data to compute.

Fixed

  • Some typos in the settings screen.

Removed

  • Dependency to "Geolocation IP Detection" plugin. Nevertheless, this plugin can be used as a fallback solution.
  • Flagiconcss as library. If there's no other way, flags will be rendered as emoji.

[1.0.0] - 2020-03-24

Initial release

Contribution

Do you want to make Sessions a better plugin?
Whether you are a developer or not, you can help me to do it...

Support & Help

I?ll be glad to help you if you encounter issues with this plugin. Just use the support section of the WordPress directory.