Make session creation optional on Front-End

Components

Labels

None

Description

Currently on the front-end user session (tables UserSession, SessionData) is created no matter what user does. In particular simple site browsing even without form submission creates new session. When spider is indexing website, then session is also created, but spider isn't using cookies or javascript, that's why session is created for each indexed page. At the end of the day we have additional load on database server and a lot of expired session to clean up.

I propose not to create session in case, when all data, that is stored in session could be easily obtained during page load without consuming additional web server resources. This will help us in cases, when user is not logged in.

Context Information

None

Additional information (do not use)

Additionally we should check how session (admin/front-end) is working when cookies are disabled in browser or one of 3 explicit session storage modes is selected (auto, query string, cookies).

Activity

Alex
November 13, 2009 at 8:02 PM

This task was resolved multiple times, because of themes were moved into separate modules. I will revert issue status and fixed in version fields back to normal manually.

Alex
November 13, 2009 at 6:57 PM

Fix committed to [b]5.0.x branch/b. Commit Message:

1. Fixes #0000237: Make session creation optional on Front-End
2. All session id storage modes are fixed to be compatible with fake sessions.

Former user
October 3, 2009 at 12:57 PM

Closing issues from 5.0.1 version, because version was already released.

Alex
August 24, 2009 at 6:10 AM

There are still some things to to:
1. session will be created, when:

viewing product detail page (<inp2_AddToRecent/> tag)
viewing link/article/topic detail page (<inp2:RegisterHit/> tag)
subscribing to site mailing (SubscriberEmail session variable)

2. "Browse Site" functionality is broken, when cookies are disabled in browser, because admin sid is not given in url to front-end, so it could properly load admin session for permission checking.

Alex
August 23, 2009 at 9:55 PM

Fix committed to [b]5.0.x branch/b. Commit Message:

1. Fixes #0000237: Make session creation optional on Front-End
2. All session id storage modes are fixed to be compatible with fake sessions.

Resize issue view side panel

Fixed

Details

Priority

Minor

Assignee

Alex

Reporter

Alex

External issue ID

237

External issue URL

Fix versions

5.0.1

Affects versions

5.0.0

Patch Instructions

Patches must be submitted through Phabricator.

To submit patch via Command Line use Patches Workflow (via Arcanist) tutorial.
To submit patch via Web Interface use Patches Workflow (via Web Interface) tutorial.

Created August 23, 2009 at 9:15 PM

Updated December 30, 2024 at 2:16 AM

Resolved November 13, 2009 at 8:02 PM