From 8e0f05618f264964a8c6f75da28474ca5bc07f65 Mon Sep 17 00:00:00 2001
From: Will Ezell <will@dotcms.com>
Date: Tue, 9 Dec 2025 13:13:08 -0500
Subject: [PATCH 1/2] fix(session): the recent changes to analytics and
 timemachine created code that automatically created a session/cookie when
 called.  This should not happen

ref: #34035
---
 dotCMS/src/main/java/com/dotcms/rest/ContentResource.java    | 4 +++-
 .../java/com/dotmarketing/business/web/HostWebAPIImpl.java   | 5 +++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/dotCMS/src/main/java/com/dotcms/rest/ContentResource.java b/dotCMS/src/main/java/com/dotcms/rest/ContentResource.java
index 8506d0703840..ac120dd20044 100644
--- a/dotCMS/src/main/java/com/dotcms/rest/ContentResource.java
+++ b/dotCMS/src/main/java/com/dotcms/rest/ContentResource.java
@@ -614,7 +614,9 @@ public Response getContent(@Context HttpServletRequest request, @Context final H
         Optional<Status> status = Optional.empty();
         String type = paramsMap.get(RESTParams.TYPE.getValue());
         String orderBy = paramsMap.get(RESTParams.ORDERBY.getValue());
-        final String tmDate = (String) request.getSession().getAttribute("tm_date");
+        final String tmDate = (request.getSession(false) !=null && request.getSession().getAttribute("tm_date") !=null)
+                ? (String)  request.getSession().getAttribute("tm_date")
+                : null;
         type = UtilMethods.isSet(type) ? type : "json";
         final String relatedOrder = UtilMethods.isSet(orderBy) ? orderBy: null;
         orderBy = UtilMethods.isSet(orderBy) ? orderBy : "modDate desc";
diff --git a/dotCMS/src/main/java/com/dotmarketing/business/web/HostWebAPIImpl.java b/dotCMS/src/main/java/com/dotmarketing/business/web/HostWebAPIImpl.java
index 73029f6f3840..c37d9895b543 100644
--- a/dotCMS/src/main/java/com/dotmarketing/business/web/HostWebAPIImpl.java
+++ b/dotCMS/src/main/java/com/dotmarketing/business/web/HostWebAPIImpl.java
@@ -21,6 +21,7 @@
 import com.liferay.portal.PortalException;
 import com.liferay.portal.SystemException;
 import com.liferay.portal.model.User;
+import com.liferay.portal.util.PortalUtil;
 import com.liferay.portlet.ActionRequestImpl;
 import com.liferay.portlet.RenderRequestImpl;
 
@@ -78,8 +79,8 @@ public Host getCurrentHost(final HttpServletRequest request)
     public Host getCurrentHost(final HttpServletRequest request, final User userParam)
             throws DotDataException, DotSecurityException {
 
-        final UserWebAPI userWebAPI = WebAPILocator.getUserWebAPI();
-        final User user       = userParam != null ? userParam : userWebAPI.getSystemUser();
+
+        final User user       = PortalUtil.getUser(request) == null ? APILocator.getUserAPI().getAnonymousUser() : PortalUtil.getUser(request);
         final boolean respectAnonPerms = user == null || user.isFrontendUser() || !user.isBackendUser();
 
         Optional<Host> optionalHost = this.getCurrentHostFromRequest(request, user, respectAnonPerms);

From 319d5108138ecfc7e891212ee2e3c1981cd8ee87 Mon Sep 17 00:00:00 2001
From: Will Ezell <will@dotcms.com>
Date: Tue, 9 Dec 2025 14:25:25 -0500
Subject: [PATCH 2/2] fix(session): the recent changes to analytics and
 timemachine created code that automatically created a session/cookie when
 called.  This should not happen

ref: #34035
---
 .../java/com/dotmarketing/business/web/HostWebAPIImpl.java   | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/dotCMS/src/main/java/com/dotmarketing/business/web/HostWebAPIImpl.java b/dotCMS/src/main/java/com/dotmarketing/business/web/HostWebAPIImpl.java
index c37d9895b543..73029f6f3840 100644
--- a/dotCMS/src/main/java/com/dotmarketing/business/web/HostWebAPIImpl.java
+++ b/dotCMS/src/main/java/com/dotmarketing/business/web/HostWebAPIImpl.java
@@ -21,7 +21,6 @@
 import com.liferay.portal.PortalException;
 import com.liferay.portal.SystemException;
 import com.liferay.portal.model.User;
-import com.liferay.portal.util.PortalUtil;
 import com.liferay.portlet.ActionRequestImpl;
 import com.liferay.portlet.RenderRequestImpl;
 
@@ -79,8 +78,8 @@ public Host getCurrentHost(final HttpServletRequest request)
     public Host getCurrentHost(final HttpServletRequest request, final User userParam)
             throws DotDataException, DotSecurityException {
 
-
-        final User user       = PortalUtil.getUser(request) == null ? APILocator.getUserAPI().getAnonymousUser() : PortalUtil.getUser(request);
+        final UserWebAPI userWebAPI = WebAPILocator.getUserWebAPI();
+        final User user       = userParam != null ? userParam : userWebAPI.getSystemUser();
         final boolean respectAnonPerms = user == null || user.isFrontendUser() || !user.isBackendUser();
 
         Optional<Host> optionalHost = this.getCurrentHostFromRequest(request, user, respectAnonPerms);