Why is session state needed for concrete5? And can it be disabled?

Question

Public visitors to a site being hosted on Concrete5 CMS platform are given a session cookie. Even when there is nothing to interact with on the site itself.

Since session states are a performance drain, how can it be turned off in concrete5?

And if not, why is it needed in the first place?

Answer 1

I don't know why it's needed in the first place (for guests who aren't logged in). It has been "discussed" by the Concrete5 core team before: http://www.concrete5.org/community/forums/chat/european-directive-that-prohibits-businessandrsquo-websites-down/

...if you read through that, you'll see the following "reasons" given:

• "Every other CMS does it so we do too".
• "concrete5 uses a session cookie to track whether a user is logged in, etc..."
• "we'd actually have to change the way concrete5 works pretty deeply as we do infact open a session for everyone"
• "There's a lot of add-ons and websites already built that assume that session exists, changing this could break all of them"

Umm... so yeah, who the heck knows. I'd think it shouldn't be a problem. But there's no easy switch you can turn on or off to disable them -- you'd need to go through the code and customize the system to make this work.