How to pass users back and forth using session data?

I have applications that I wrote that use SAML and then a user database to define permissions for them all. And basically once a user signs on via our SSO they can use the applications with their defined perms.

I want to do the same thing for WP. Where do I start? I would like WP to recognize their session username before they login and then create wordpress cookie. I saw a root cookie plugin that would pass the user info to other wp sites but how about getting the session username to begin with?

I would like users to come to WP site and see that they are logged in with their username but I am open for other ways too.

Right now what is given to me for SAML authentication is:

  • app url: redirect to the SSO sign in
  • app key: hash to encrypt
  • uid
  • firstname
  • lastname
  • email
  • time (POST time is used for validation)

Note: I have just tried using the SAML2 plugin for WP. First it is a beta plugin and very confusing. Second I keep getting fatal error that it cannot find IDP information.

Would really just like to take the session uid I have an log a person in using that.

Solutions Collecting From Web of "How to pass users back and forth using session data?"

If you will work with sessions, then init this at first in your plugin, theme.

add_action( 'init', 'my_start_session' );

function my_start_session() {

    if ( session_id() )
        return;

    @session_cache_limiter('private, must-revalidate'); //private_no_expire
    @session_cache_expire(0);
    @session_start();
}

Alternative use the library from Eric Mann: WP Session Manager, also his tutorial.

I have a really simple script that is linked https://wordpress.stackexchange.com/questions/154802/what-do-i-need-to-do-to-fully-integrate-a-custom-session-login-into-wp.

Basically I am assuming that your SSO is secure, that you have the users in your database, and that you don’t need to keep the session alive except for authentication. From my standpoint I just want to pass the user onto WP and let the WP user system do the rest. Hope this helps others doing session logins.