Hardcore WordPress fans, please don't stone me to death. XD
I am writing this article so I can easily refer my clients to this post in the future.
What I found out when I tried to create a customized inquiry form with CAPTCHA for a client was that WordPress does not implement or allow $_SESSION for 3rd party WP plugins (by default). So, initially I ended up displaying the image for the CAPTCHA perfectly fine, but it did not verify the user's CAPTCHA input against the text on the CAPTCHA image.
This discovery led me to create a contact form that implements CAPTCHA but does not use PHP sessions. You can download "Kontak" for WordPress.
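One way a CAPTCHA can be verified without PHP sessions, shown as an added example that is not the Kontak plugin's code and not from the original post: the server signs the expected answer with an HMAC and carries the result in a hidden form field. CAPTCHA_SECRET, the captcha_* function names and the token layout are assumptions made for this illustration.

```php
<?php
// Added example: stateless CAPTCHA check, no $_SESSION needed.
// CAPTCHA_SECRET is a placeholder; load a real random key from configuration.
const CAPTCHA_SECRET = 'replace-with-a-long-random-secret';
const CAPTCHA_TTL    = 300; // seconds a challenge stays valid

function captcha_mac(string $answer, string $nonce, int $expires): string
{
    // Bind answer, nonce and expiry together so none of them can be swapped.
    $data = strtolower(trim($answer)) . '|' . $nonce . '|' . $expires;
    return hash_hmac('sha256', $data, CAPTCHA_SECRET);
}

function captcha_issue(int $now): array
{
    $alphabet = 'abcdefghjkmnpqrstuvwxyz23456789'; // no look-alike characters
    $answer = '';
    for ($i = 0; $i < 6; $i++) {
        $answer .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    $nonce   = bin2hex(random_bytes(8));
    $expires = $now + CAPTCHA_TTL;
    $token   = $expires . '.' . $nonce . '.' . captcha_mac($answer, $nonce, $expires);
    // Draw $answer into the image in this same request (e.g. an inline data: URI).
    // Only $token goes into a hidden form field; the answer is never sent as text.
    return ['answer' => $answer, 'token' => $token];
}

function captcha_verify(string $token, string $input, int $now): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0])) {
        return false; // malformed token
    }
    [$expires, $nonce, $mac] = $parts;
    if ($now > (int) $expires) {
        return false; // challenge expired
    }
    // Constant-time comparison so the MAC cannot be guessed byte by byte.
    return hash_equals(captcha_mac($input, $nonce, (int) $expires), $mac);
}

// Constructed demonstration values.
$c = captcha_issue(time());
var_dump(captcha_verify($c['token'], $c['answer'], time()));        // correct answer
var_dump(captcha_verify($c['token'], 'wrong1', time()));            // wrong answer
var_dump(captcha_verify($c['token'], $c['answer'], time() + 3600)); // after expiry
```

A signed token like this stays valid until it expires, so the same solved challenge can be resubmitted within that window. Recording each used nonce server-side (for example in a WordPress transient) and rejecting repeats makes a challenge single-use.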
Just so you can understand this limitation better, I'll explain it further. In PHP coding, we have what we call "sessions". We use them to keep a user's information while the user is still logged in, regardless of how many pages the user visits within the same domain. The user's data does not expire as long as the session is alive.
In WordPress, this method is applied in the core WP code using cookies; by default, front-end 3rd party plugins are not allowed to piggyback on WP sessions. That's the reason why most (contact) web forms in WordPress do not have CAPTCHA.
BUT... there is a hack to enable sessions in WordPress; check this article: WordPress and Sessions.
And being the cautious developer that I am, I would say that you too should be cautious if you want to apply this hack. WordPress designed their platform this way for security reasons.
Consider this example: if I were a naughty WP plugin contributor who studied a specific WP plugin so I could sniff or hack the data using sessions, there would be nothing preventing me from doing that, since PHP sessions are already enabled on your site. Then again, a code ninja should have anticipated this kind of attack and encrypted the user's data; in that case, we can still say that enabling sessions for WordPress would be good.
To drive my point home: in WordPress, if you don't want to use sessions, you have to rely on cookies or any other method that works in lieu of PHP sessions. So what do sessions have to do with eCommerce sites? First, a user's info has to be retained for every page that the user visits while he/she is still logged in to the site/shopping cart. Second, some of the info, like credit card information, is better relayed between pages using sessions rather than cookies.
Most of the eCommerce plugins for WordPress use PayPal. If this is your chosen payment gateway, well, good for you, because you'll probably find a suitable eCommerce plugin for your WordPress site. (Read the comments below about this.)
In my opinion WordPress is an excellent platform for information systems, but if we're going to talk about e-commerce, hmm, maybe you should consider using Joomla, or use a different shopping cart platform and link it to WordPress. Membership for the different platforms would not be synced, though (this depends on the platforms being used as well).
I know you're looking for economical and fast solutions, but you have to make some sacrifices and be careful if you want to enable sessions in WordPress.
I would appreciate readers' comments that would enlighten me regarding this topic.