How to Completely Disable Session Activity for Visitors on Joomla Websites

Note: This post contains core modifications. If you’re not comfortable with doing core modifications, then please ask some Joomla experts to do it for you.

Another note: This post assumes that your website doesn’t allow users to login to the frontend – if that’s not the case then please be aware that the modifications below must be modified (What? The modifications need to be modified? What kind of English is this?) to accommodate your needs. If you think this is a bit over your head, then we suggest you contact us!

Joomla has the nasty habit of creating and maintaining a session in Joomla for every visitor, which is an unnecessary overhead that causes performance issues on high traffic websites.

Luckily, at itoctopus, we have a solution for everything Joomla: in a previous post, we have discussed how to minimize write activities to on the #__session table, in this post, we will explain how to completely disable write activity for visitors on the Joomla website.

So, how can you completely, fully, unequivocally (can this word be used in this context?) disable all activities on the #__session table for visitors on a Joomla website?

Well, you can do that by following the below guide:

  • Open the file cms.php which is located under the libraries/cms/application/ folder.
  • At the very beginning of the checkSession function, add the following code:

    if (stripos($_SERVER['PHP_SELF'], '/administrator/') !== 0)
    return;

    The above will disable initial creation of the session for all pages with the exception of administration pages (including the login page for administrators).

  • Open the file database.php which is located under the libraries/joomla/session/storage/ folder, and add the following code at the very beginning of the read, the write, the destroy, and the gc functions:

    if (stripos($_SERVER['PHP_SELF'], '/administrator/') !== 0)
            return;

  • That’s it!

After adding the above code, your Joomla website will no longer do any session activity for your visitors; it will not insert, update, retrieve, or delete anything from the #__session when someone is visiting your website. This will lessen the load on your server (the load reduction will be noticeable on high traffic websites) and will reduce the impact of DoS attacks.

We know that some of you might be intimidated by the thought of updating core files, so, if you need help with that, please contact us. Our rates are super affordable, our work is super clean, and we are super friendly!

No comments yet.

Leave a comment