SimpleMachines · sbulen · Feb 23, 2026 · Mar 13, 2026 · Mar 13, 2026 · Apr 11, 2026
diff --git a/Sources/Session.php b/Sources/Session.php
@@ -172,12 +172,19 @@ public function read(/*PHP 8.0 string*/$id)/*PHP 8.0: string|false*/
 	#[\ReturnTypeWillChange]
 	public function write(/*PHP 8.0 string*/$id,/*PHP 8.0 string */ $data): bool
 	{
-		global $smcFunc;
+		global $smcFunc, $scripturl, $context;
+		// Any action that is not dependent on data within the session may be added to this array
+		static $no_writes = array('dlattach');
 
 		// Don't bother writing the session if cookies are disabled; no way to retrieve it later
 		if (empty($_COOKIE))
 			return true;
 
+		// Don't bother writing the session for users just browsing
+		// If verification is required, always write the session
+		if ((empty($_REQUEST['action']) || in_array($_REQUEST['action'], $no_writes, true)) && !empty($scripturl) && empty($context['require_verification']))
+			return true;
+
 		if (!$this->isValidSessionID($id))
 			return false;