From 0d545787bd97cb541bb9f37bb3f2a932a13da88b Mon Sep 17 00:00:00 2001 From: Shawn Bulen Date: Mon, 23 Feb 2026 12:35:48 -0800 Subject: [PATCH 1/3] Minimize unnecessary session writes Signed-off-by: Shawn Bulen --- Sources/Session.php | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Sources/Session.php b/Sources/Session.php index eb9c90f99c..71ddee80ed 100644 --- a/Sources/Session.php +++ b/Sources/Session.php @@ -172,12 +172,18 @@ public function read(/*PHP 8.0 string*/$id)/*PHP 8.0: string|false*/ #[\ReturnTypeWillChange] public function write(/*PHP 8.0 string*/$id,/*PHP 8.0 string */ $data): bool { - global $smcFunc; + global $smcFunc, $scripturl; // Don't bother writing the session if cookies are disabled; no way to retrieve it later if (empty($_COOKIE)) return true; + // Don't bother writing the session for users just browsing + // Any action that is not dependent on data within the session may be added to this array + static $no_writes = array('dlattach'); + if ((empty($_REQUEST['action']) || in_array($_REQUEST['action'], $no_writes, true)) && !empty($scripturl)) + return true; + if (!$this->isValidSessionID($id)) return false; From 3c802aa8cbf85c261b42d115e0b3235061c0dfdc Mon Sep 17 00:00:00 2001 From: Shawn Bulen Date: Thu, 12 Mar 2026 22:01:11 -0700 Subject: [PATCH 2/3] Minimize unnecessary session writes Signed-off-by: Shawn Bulen --- Sources/Session.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Sources/Session.php b/Sources/Session.php index 71ddee80ed..330e71134b 100644 --- a/Sources/Session.php +++ b/Sources/Session.php @@ -172,16 +172,17 @@ public function read(/*PHP 8.0 string*/$id)/*PHP 8.0: string|false*/ #[\ReturnTypeWillChange] public function write(/*PHP 8.0 string*/$id,/*PHP 8.0 string */ $data): bool { - global $smcFunc, $scripturl; + global $smcFunc, $scripturl, $context; // Don't bother writing the session if cookies are disabled; no way to retrieve it later if (empty($_COOKIE)) return true; // Don't bother writing the session for users just browsing + // If verification is required, always write the session // Any action that is not dependent on data within the session may be added to this array static $no_writes = array('dlattach'); - if ((empty($_REQUEST['action']) || in_array($_REQUEST['action'], $no_writes, true)) && !empty($scripturl)) + if ((empty($_REQUEST['action']) || in_array($_REQUEST['action'], $no_writes, true)) && !empty($scripturl) && empty($context['require_verification'])) return true; if (!$this->isValidSessionID($id)) From e67ec804fbe4f3f33e82f3e25ce32992ae658b6d Mon Sep 17 00:00:00 2001 From: Shawn Bulen Date: Fri, 13 Mar 2026 10:46:17 -0700 Subject: [PATCH 3/3] Minimize unnecessary session writes Signed-off-by: Shawn Bulen --- Sources/Session.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Sources/Session.php b/Sources/Session.php index 330e71134b..ec3c07ff5d 100644 --- a/Sources/Session.php +++ b/Sources/Session.php @@ -173,6 +173,8 @@ public function read(/*PHP 8.0 string*/$id)/*PHP 8.0: string|false*/ public function write(/*PHP 8.0 string*/$id,/*PHP 8.0 string */ $data): bool { global $smcFunc, $scripturl, $context; + // Any action that is not dependent on data within the session may be added to this array + static $no_writes = array('dlattach'); // Don't bother writing the session if cookies are disabled; no way to retrieve it later if (empty($_COOKIE)) @@ -180,8 +182,6 @@ public function write(/*PHP 8.0 string*/$id,/*PHP 8.0 string */ $data): bool // Don't bother writing the session for users just browsing // If verification is required, always write the session - // Any action that is not dependent on data within the session may be added to this array - static $no_writes = array('dlattach'); if ((empty($_REQUEST['action']) || in_array($_REQUEST['action'], $no_writes, true)) && !empty($scripturl) && empty($context['require_verification'])) return true;