Drupal should support disabling anonymous sessions
| Project: | Drupal |
| Version: | 7.x-dev |
| Component: | base system |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Jump to:
I'm putting Drupal onto a high traffic site and I'm concerned with the scalability of the anonymous sessions. I asked about disabling the sessions in #drupal on freenode and there was interest in the solution, but no one had done it before, so I'm bringing the question here.
A lot of the modules (both built in and 3rd party like CCK) use $_SESSION, but it looks like that is only for administration forms or functions that a user will have to be logged in to use anyway. includes/session.inc specifically mentions the throttle module and the "Who's Online" block - both of which I won't be using, so I don't see anything that jumps out at me as requiring an anonymous session and yet I don't see a way to disable it.
This is inspired from my forum topic on the same subject: http://drupal.org/node/183006
#1
A setting should probably have three different values:
The latter option will allow $_SESSION to work for anonymous users, but the session will only be written if a module actually uses this for anonymous users.
#2
I agree that supporting those 3 modes is a great idea.
I wrote #3 a while back but it was committed and then rolled back because we broke the 'who's online' and throttle modules. Throttle is out of core so we don't need to deal with that. We can just note incompatibity in the UI with Who's Online. See the first patch at #40545: Improve speed by avoiding unnecessary updates in sess_write()