eZ Community » Forums » General » Disable session cookie eZSESSID for...
expandshrink

Disable session cookie eZSESSID for anonymous

Disable session cookie eZSESSID for anonymous

Wednesday 01 August 2012 2:52:59 pm - 4 replies

Hello,

I would like to know if it's possible not to set the session cookie eZSESSID for anonymous ?

If possible, could it make problems ?

Modified on Monday 06 August 2012 4:56:06 pm by Franck Grenier

  • Related forum topics

Wednesday 01 August 2012 10:00:42 pm

Upgrade?

I believe this has been a feature of eZPublish since 4.4...

If you do have a newer version of eZPublish, make sure the [Session]ForceStart is set to disabled in site.ini* files.

Thursday 02 August 2012 9:40:30 am

Hello,

my version is 4.5 and ForceStart is set to disabled.

I also tried on 4.6 version and the eZSESSID cookie is always set.

Thursday 02 August 2012 7:43:20 pm

Well, then I think something is starting a session somewhere.  I just double-checked with default installs of 4.5 and 2012.6 - no cookie is set for anonymous users.

Maybe it's an extension? 

Monday 06 August 2012 4:55:08 pm

Hello,

somme news about this topic.

A fresh "out of the box" 4.6 Enterprise does not set the Session cookie eZSESSID on each page. The cookie was set only on "/user/register" and "/user/login" during my test. On my 4.5 Enterprise, the session cookie is always set, on each page.

This cookie makes trouble with reverse-proxy, making caching impossible. We tried to delete it on Varnish side, during caching. But, when we remove it, eZ Publish forces HTTP headers on no-cache values :

  • Cache-Control : no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  • Pragma : no-cache

I don't know if this behaviour is native but it looks a bit strange to me.

expandshrink

You must be logged in to post messages in this topic!

36 542 Users on board!

Forums menu