4

We're running a craftcms-backed site that uses sessions only for the admin pages.

For a few reasons, we'd like to disable session logic for all other urls:

  • the Set-Cookie header that craft uses to initiate a session makes responses uncacheable in our fronting cache layers
  • the code path under Craft\UserSessionService is unnecessary overhead for most of our logic, and occasionally adds considerable latency

We've been using HeaderHelper::removeHeader('Set-Cookie'); on a per-controller basis to turn off this behavior, but that only gets us so far - for example, 404 responses seem to try to initiate user sessions as well, before any of our custom logic can be used:

This is a screenshot of newrelic transaction trace for a 404 response (This is a screenshot of newrelic transaction trace for a 404 response)

How can we get craftcms to stop trying to set these sessions?

I should note that we're looking into getting session storage out of the filesystem and into redis, which should also help - but most of the sessions we're keeping are meaningless, and I'd rather not keep track of them at all.

Brad Bell
  • 67,440
  • 6
  • 73
  • 143
Chris MacDonald
  • 77
  • 2

1 Answers1

3

I'm not sure there is going to be an easy way to do this in Craft 2, unfortunately.

In the upcoming Craft 3, we refactored the session logic so that a session will only get started on requests that actually need session, which is basically what you're looking for.

Brad Bell
  • 67,440
  • 6
  • 73
  • 143