Hi,
I have the php.ini session.auto_start = 0 and the Yii main config session setting ‘autoStart’ => false.
I am not using any user/state/authentication functions.
I am testing a straight-forward action in a controller which does not reference sessions in any way.
Despite all these, I am still getting a new session/PHPSESSIONID with every request.
What part of Yii may be starting a session, and how do I really stop it?
Thank you,
Luci
Upon further investigation it seems that a session is started by the CAccessControlFilter->preFilter method.
Now, what I find interesting is that even with no access rules set, or with access filters not dependent on users, this method will do an Yii::app()->getUser() which in turn starts a session to see if there is a session user present.
I think any reference to the user object in the preFilter method should only be made conditionally IF there is a need to check access rules against a user.
I am against starting sessions for basically any page for no reason - not only for performance reasons but also because this affects upstream caching and CDNs…
Luci