Actions

Disable all cookies for normal visitors in Joomla

From Joomla! Documentation

Revision as of 12:12, 1 August 2008 by Erdsiger (Talk | contribs)

Joomla excessively utilizes session cookies for user tracking, hit counting, statistics and more. This can upset cookie-aware users and therefore undermine your credibility, especially if you're running sites promoting data thriftiness (sounds awful in English... "Datensparsamkeit" in German - does anyone know a better translation?  :) )

Following I will describe how to avoid all cookies for normal visitors and still have front end login.

  • First of all: Deactivate site statistics! Global configuration -> Statistics -> Statistics: No. This will stop the "mosvisitor" cookie.
  • Don't use the Template Chooser module, because it uses a cookie named "jos_user_template".
  • Be careful with components: Some might start their own PHP session. (And I just don't get why 1 session isn't enough...) Fabrik is such a case.
  • Now to the main point: Delete / comment out line 697 of /includes/joomla.php like this:
// setcookie( $sessionCookieName, '-', false, '/' );

Because of a set POST/GET parameter named "force_session", a user session will be started anyway in the code further down if someone logs in. This parameter is set in the standard login module. If you use your own login module, just add this parameter!

Additional: Comment out line 25 in /offline.php: // session_start(); This seams to be an artifact of old versions. It really doesn't make sense to me, to start a PHP session in this file, particularly because Joomla uses its own session mechanism...