How to Completely Disable Session Activity for Visitors on Joomla Websites

Note: This post contains core modifications. If you’re not comfortable with doing core modifications, then please ask some Joomla experts to do it for you.

Another note: This post assumes that your website doesn’t allow users to login to the frontend – if that’s not the case then please be aware that the modifications below must be modified (What? The modifications need to be modified? What kind of English is this?) to accommodate your needs. If you think this is a bit over your head, then we suggest you contact us!

Joomla has the nasty habit of creating and maintaining a session in Joomla for every visitor, which is an unnecessary overhead that causes performance issues on high traffic websites.

Luckily, at itoctopus, we have a solution for everything Joomla: in a previous post, we have discussed how to minimize write activities to on the #__session table, in this post, we will explain how to completely disable write activity for visitors on the Joomla website.

So, how can you completely, fully, unequivocally (can this word be used in this context?) disable all activities on the #__session table for visitors on a Joomla website?

Well, you can do that by following the below guide:

Open the file cms.php which is located under the libraries/cms/application/ folder.
At the very beginning of the checkSession function, add the following code:

if (stripos($_SERVER['PHP_SELF'], '/administrator/') !== 0) return;

The above will disable initial creation of the session for all pages with the exception of administration pages (including the login page for administrators).
Open the file database.php which is located under the libraries/joomla/session/storage/ folder, and add the following code at the very beginning of the read, the write, the destroy, and the gc functions:

if (stripos($_SERVER['PHP_SELF'], '/administrator/') !== 0) return;
That’s it!

After adding the above code, your Joomla website will no longer do any session activity for your visitors; it will not insert, update, retrieve, or delete anything from the #__session when someone is visiting your website. This will lessen the load on your server (the load reduction will be noticeable on high traffic websites) and will reduce the impact of DoS attacks.

We know that some of you might be intimidated by the thought of updating core files, so, if you need help with that, please contact us. Our rates are super affordable, our work is super clean, and we are super friendly!

2 Responses to “How to Completely Disable Session Activity for Visitors on Joomla Websites”

rss

Comment by Ray Sharma — January 8, 2021 @ 3:24 am
Thanks for the great information. Would like to clarify if this will also disable session storing for logged in users and what is the impact if it is so ?
Comment by mehmet — February 27, 2022 @ 1:39 pm
Hi! After Joomla 3.8 this path Library /cms/application/ is no longer used. What should you do?

At itoctopus, we're here to help you with your business! That's our promise to you. Whether you're looking for urgent programming help in the middle of the night, or you need help expanding your website, or you need to claim your projects for R&D, then you're at the right place. We have served a lot of customers since 2001, and we'll be happy to serve you!

If you want to fix an urgent issue (for example, your website is down), then give us a call at 514 961 2804, this line is at your service 24/7/365!
Call Now: 514 933 8036
Just give us a call if you need help on your website, and you'll be surprised how friendly, efficient, and fast we are! Oh, and we genuinely care about your business! (International clients please call +1 514 933 8036)

How to Completely Disable Session Activity for Visitors on Joomla Websites

Leave a comment