Session Shredder for WooCommerce

Session Shredder is a production-grade, rule-based session cleanup plugin for WooCommerce 10.3+.

WooCommerce 10.3 introduces experimental guest session storage and auto-pruning. Session Shredder builds directly on this already available foundation and adds behavior-based heuristics that predict which sessions are zombies (safe to prune) versus keepers (should be retained).

Highlights

– Heuristic pruning – Uses anonymized features (session age, pageviews, cart value, etc.) and conservative rules to identify low-value sessions.
– Configurable rules & thresholds – Tune base age, hard timeout, bounce detection, and cart-protection rules from a dedicated WooCommerce settings screen.
– Safe thresholds – Only considers sessions past a base age window and is biased towards keeping anything that shows meaningful activity or cart value.
– Robust behavior – Even if tracking data is sparse, a conservative rule-based strategy kicks in (e.g. hard 72h timeout, bounces with no cart value).
– Privacy-first – No PII is stored. Session IDs and countries are hashed; only coarse behavioral data is used.
– Native Woo 10.3 integration – Reads from the WooCommerce session table (supports both legacy and new tables) and plays nicely with the core experimental pruning.
– HPOS compatible – Declares compatibility with WooCommerce High-Performance Order Storage (custom order tables) and never touches orders, only session data.
– Admin dashboard – Under WooCommerce → Session Shredder you get active sessions, pruned counts, a Chart.js visualization of active & pruned sessions per run, and a compact “Recent runs” summary.
– Logging & observability – Uses wc_get_logger() for info/error logging; integrates cleanly with existing WooCommerce logs.

Session Shredder is structured for real-world stores and designed as a companion to WooCommerce’s experimental guest session engine. It stays fully rule-based out of the box, but developers can extend it via hooks if they ever want to plug in external scoring services or AI endpoints.

Why not rely only on the WooCommerce experimental pruning?

– Core experimental pruning is largely age-based and opaque.
– Session Shredder adds behavior-aware rules (pageviews, cart value, bounce flag) on top of age.
– You get a dry-run mode to analyze impact before deleting anything.
– The dashboard gives you visibility into how many sessions were pruned per run and how many sessions remained active.
– WP-CLI commands let you script and automate analyze/prune runs.
– It works alongside WooCommerce experimental guest sessions and HPOS rather than replacing them: Woo can still prune based on its own rules, while Session Shredder adds a tunable, rule-based layer with better reporting.

How It Works

1. Feature collection
   – On each page load, Session Shredder tracks session activity:
   – Session age (hours since first seen)
   – Pageviews count
   – Cart value (numeric)
   – Whether anything was added to cart
   – Geolocation hash (hashed billing/shipping country)
   – Simple bounce indicator (single pageview, no cart)
   – Features are stored per-session in non-autoloaded options and never include raw session IDs or user identifiers.

2. Rule-based pruning
   – An hourly cron (session_shredder_cron) scans the WooCommerce session table for candidates based on age.
   – For each candidate, the plugin:
   – Loads stored features
   – Applies conservative rules like:
   – Session older than a hard timeout window (e.g. 72 hours)
   – Single pageview and no cart value
   – If the rules deem the session a low-value “zombie”, it is pruned.

3. Stats & visualization

   – After each real run, Session Shredder records:
   – Total pruned sessions (lifetime and today)
   – A short history of recent runs, including how many sessions were pruned and how many remained active before/after each run
   – The admin dashboard renders a Chart.js line graph of active & pruned sessions per run via a secure AJAX endpoint, plus a compact “Recent runs” table.

For developers

Session Shredder exposes a small set of hooks and CLI commands so you can integrate it into more advanced workflows without forking the plugin.

Hooks

– session_shredder_features( array $features, string $session_hash )
– Filter the behavior feature array before it is stored and later used for pruning decisions.
– $session_hash is a hashed identifier of the session (no raw IDs or PII).

– session_shredder_base_age_hours( float $base_age_hours )
– Adjust the base age window (in hours) before sessions are considered as prune candidates.

– session_shredder_should_prune( bool $should_prune, array $features )
– Override or refine the core rule-based decision for a given session.

– session_shredder_feature_options_soft_limit( int $soft_limit )
– Adjust the soft cap for how many per-session feature options (session_shredder_features_*) are kept in wp_options before garbage collection trims the oldest entries.

– session_shredder_feature_options_gc_batch( int $batch_size )
– Adjust how many feature options are removed per garbage-collection pass when the soft limit is exceeded. Larger values clean up faster; smaller values spread work over more runs.

– session_shredder_before_run( float $base_age_hours, bool $dry_run )
– Fires before a prune run (cron, manual, or CLI) starts.

– session_shredder_after_run( int $pruned_count, bool $dry_run )
– Fires after a prune run completes (dry-run or real).

– session_shredder_pruned( int $pruned_count )
– Fires after a real prune run that actually deletes sessions; useful for logging or additional cleanup.

WP-CLI commands

If WP-CLI is available, Session Shredder registers the following commands:

– wp session-shredder analyze
– Performs a dry run using the current rules and settings.
– Outputs the total number of sessions and how many would be pruned, without deleting anything.

– wp session-shredder prune
– Runs a real prune using the current rules and settings.
– Deletes matching sessions, updates stats, and logs a summary.

1. Upload the session-shredder folder to /wp-content/plugins/.
2. Activate Session Shredder through the Plugins screen in WordPress.
3. Ensure WooCommerce 10.3+ is active. If not, the plugin will display an admin notice and remain idle.
4. (Optional) Extend the plugin via custom code and filters if you want to plug in your own external scoring service or additional heuristics.

Will this delete active customer carts?

The plugin is deliberately conservative:

– It operates only on sessions past a base age window (48 hours by default).
– It uses features like cart value and pageviews to decide.

No heuristic is perfect, but the design goal is fewer false prunes than WooCommerce core alone.

What data is stored by the plugin?

Only anonymized, behavioral features:

– Age in hours
– Pageviews count
– Cart value (numeric)
– Boolean flags (added_to_cart, bounce)

No names, emails, raw IPs, or raw session IDs are stored by the plugin itself. It only works with coarse, behavior-level data such as age, pageviews, and cart totals.

How does this work with WooCommerce experimental guest sessions and HPOS?

Session Shredder is designed as a companion to WooCommerce 10.3+ experimental guest sessions:

– On activation it opts your store into WooCommerce’s experimental guest session storage if it is not already enabled.
– It reads from the same session table(s) that WooCommerce uses and never touches orders or customer records.
– WooCommerce core may still prune sessions based on its own rules; Session Shredder adds an additional, configurable rule-based layer on top.
– The plugin declares compatibility with WooCommerce High-Performance Order Storage (custom order tables) and only operates on session data.

1.1.0

• Initial release.