Site Health Warning – Login Form Module PHP Session Issue
I’m getting a WordPress Site Health Status warning that appears to be related to the Login Form module:
Warning Message:
“A PHP session was created by a session_start() function call. This interferes with REST API and loopback requests. The session should be closed by session_write_close() before making any HTTP requests.”

Issue Location:
File: ultimate-elementor/modules/login-form/module.php
Lines: 90-92
Code:

    if ( ! session_id() && ! headers_sent() ) {
        session_start();
    }

Problem:
The Login Form module starts a PHP session but doesn’t close it before WordPress makes internal HTTP requests. This can interfere with REST API calls, loopback requests, and other WordPress operations.

Suggested Fix:
Add session cleanup in the Login Form module. Here’s a recommended approach:

    // In the Login Form module class, add a method to close sessions.
    // It must be public: WordPress invokes hook callbacks from outside the class.
    public function close_session_before_http() {
        if ( session_status() === PHP_SESSION_ACTIVE ) {
            session_write_close();
        }
    }

    // In the constructor or initialization method, add hooks:
    add_action( 'rest_api_init', array( $this, 'close_session_before_http' ), 1 );
    add_action( 'http_api_curl', array( $this, 'close_session_before_http' ), 1 );
    add_action( 'shutdown', array( $this, 'close_session_before_http' ), 1 );

    // Also close before any wp_redirect calls in the login form functionality

Alternative Simple Fix:
If the session is only needed temporarily, you could close it immediately after use:

    if ( ! session_id() && ! headers_sent() ) {
        session_start();
        // ... do session work ...
        session_write_close(); // Close when done
    }

Impact:
This affects WordPress Site Health and can interfere with REST API functionality, especially on sites using the Login Form widget.

Could you please include this fix in a future update? It would ensure compatibility with WordPress’s internal HTTP operations.
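The "close it immediately after use" idea from the post, written out as two helpers. This is an added example, not part of the original post and not the plugin's code; the function names `example_session_read` and `example_session_write` are hypothetical, and it assumes PHP 7.0 or later for the `read_and_close` option.

```php
<?php
// Added example: hypothetical helpers, not code from the plugin.

// Read one value without leaving the session (and its file lock) open.
function example_session_read( $key, $default = null ) {
	$status = session_status();
	if ( PHP_SESSION_DISABLED === $status ) {
		return $default;
	}
	if ( PHP_SESSION_NONE === $status ) {
		// Once headers are sent, the session cookie can no longer be set.
		if ( headers_sent() ) {
			return $default;
		}
		// read_and_close loads $_SESSION and releases the lock in one step,
		// so session_status() is PHP_SESSION_NONE again afterwards.
		if ( ! session_start( array( 'read_and_close' => true ) ) ) {
			return $default;
		}
	}
	// If another component already had the session open, it stays open:
	// closing it is left to whoever started it.
	return isset( $_SESSION[ $key ] ) ? $_SESSION[ $key ] : $default;
}

// Write one value, holding the session open only for the write itself.
function example_session_write( $key, $value ) {
	$opened_here = false;
	$status      = session_status();
	if ( PHP_SESSION_DISABLED === $status ) {
		return false;
	}
	if ( PHP_SESSION_NONE === $status ) {
		if ( headers_sent() || ! session_start() ) {
			return false;
		}
		$opened_here = true;
	}
	$_SESSION[ $key ] = $value;
	if ( $opened_here ) {
		// Flush to storage and release the lock before any HTTP request runs.
		session_write_close();
	}
	return true;
}
```

After `session_write_close()`, `$_SESSION` can still be read in memory, but later assignments to it are not saved unless the session is opened again.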