PHPSESSID cookie in Web context mandatory / standard setting?

hgw7m · April 22, 2026, 3:06pm

Avoiding PHPSESSID

I’m wondering: Is setting PHPSESSID cookie by anonymous_session = TRUE standard in web context? This seems to be unnecessary and harmful, it’s followed by ‘cache-control: no-store, no-cache, must-revalidate’. Should I disable anonymous_session in Web context? Thanks!

MODX3, MODX2

Thanks

halftrainedharry · April 22, 2026, 6:04pm

Why do you think it’s harmful?

You have to decide if a session is necessary for your website’s front-end users.
Some extras require the $_SESSION superglobal to be available to work properly.