The Core Development Team at Joomla.org has announced two key changes for Joomla 1.08 (which will be released soon). If you are one of our regular readers or customers, these may familiar to you as they are subjects we have been devising hacks for (and using on customer sites) for a while now.

We were very fortunate in being able to get the attention of the Core Developers for these issues, and think they represent important changes to Joomla.

Joomla 1.08, and the newer code base for Joomla 1.1 will now have the following included:

• Session management is being altered to accommodate two important changes. Non cookied visitors will no longer get session assignments, and provisions have been made to allow site administrators to accommodate users trying to log in from behind proxy banks.
• The new .htaccess file being utilized for SEF will markedly reduce instantiation of Joomla for non-existent files. Joomla 1.07 (and a few releases before) would instantiate Joomla for every request (ie: .jpg, .css, .js) from a user for a non-existent file. The new .htaccess will no longer do this, and will leave the processing of requests for these non-existent files to Apache. This will markedly decrease utilization for servers using this new .htaccess file.

Session Changes:

In the past, every page request in Joomla led to session validation and or instantiation. Particularly in the case of Spiders/Search Engines, this led to extraordinarily high numbers of session being kept in the table for Joomla sessions. Joomla sessions are tracked and implemented via cookies sent to the browser/reader, and since Search Engines do not use them, each page request looked like it was coming from a new user.

Joomla 1.08 now corrects this by setting a test cookie first, and on subsequent page loads only setting a session up if the cookie is present. This dramatically reduces the number of sessions being created by Joomla, with the resultant session kept being more reflective of the actual number of users who have either visited or logged in on Joomla websites.

To accommodate users who visit Joomla websites from behind proxy banks (like AOL), Joomla now will allow administrators to set the type of session authentication they would prefer for their websites. The default is to authenticate session based on the requester's IP address, but an additional option is now included that will allow Admins to authenticate based on the equivalent of a 'c' subnet allocation that requester is coming from. This very slightly opens Joomla's authentication, in a way that allows these proxy bank users to authenticate in spite of changes to their page requests that often occur with every page load.

The New .htaccess file:

Joomla's previous .htaccess for for use with SEF urls was too wide in scope and led to unneeded Joomla instantiation. To help correct the problem, Joomla 1.07 included the ability to present 404 errors for requests that did not correlate to real Joomla content.

The base of the problem was this: Many templates and 3rd party components include things like graphics, javascripts, and css files. During the process of normal development, sometimes these inclusions do not properly updated for changes made to locations, or sometimes are pathed wrong to locations that do not exist. In Joomla 1.0 through Joomla 1.05, this could lead to page looping.

Page looping was caused by Joomla loading its template, presenting the page to the user, and by some oversight including these requests for non-existent files. When the page included these non-existent files, the users requests for them were automatically diverted to Joomla's index .php by the previous .htaccess file. This meant Joomla got loaded a second time for that page request, which now includes the request for the non existent file again, and led to a subsequent bad page request that again instantiated Joomla, etc.....

Joomla 1.07 had the correction that provided for a generic- non templated 404 page for these requests, but still had to instantiate the index.php to present them.

The new .htaccess file has a markedly reduce scope of inclusion for page requests coming from the users. When these requests come in now for non existant css, graphics, or javascript files, Apache properly dispatches them with it own 404 methods and or pages and does not refer them to Joomla's index.php for processing. This leads to a nice reduction in utilization and subsequent decreases in page load times (the server is not having to do as much work for each page request).

It was my personal good fortune to get a chance to participate in these efforts, and we applaud the Joomla Core developers for addressing these issues and resolving them for future users of Joomla.

For more information on the new session handling, see Rey Gigataras' (Joomla Core Developer) blog at :

http://dev.joomla.org/component/option,com_jd-wp/Itemid,33/p,28/

For more information about the new .htaccess file, see this forum discussion at Joomla.org:

http://forum.joomla.org/index.php/topic,31813.0.html