Category Archives: magento commerce

Magento Commerce

Credit Card Scrapers Continue to Target Magento

A great article I found by Chris Brook regarding a malicious function snuck into SF9Realex, a module that helps sites store customer card data for one-click checkout.

Click here for full article.
https://threatpost.com/credit-card-scrapers-continue-to-target-magento/124267/

“Attackers continue to take aim at the e-commerce platform Magento. Researchers said last week they came across a malicious function snuck into one of the platform’s modules in order to steal credit card information.  Code for the function was injected into a .php file for SF9 Realex, a module that helps sites store customer credit card data for the one-click checkout functionality commonly used by repeat customers. The module interacts with the Realex RealAuth Remote and Redirect systems, “very popular solutions in the Magento community,” according to Bruno Zanelato, a researcher with the firm Sucuri, who found the malicious function.”

“According to researchers, the attacker uses binlist.net, a public web service for searching issuer identification numbers (IIN), to help identify which bank each card is associated with.”

 

“Magento credit card stealers are indeed on the rise,” Zanelato wrote Friday, “While the information here is specific to Magento, realize that this can affect any platform that is used for ecommerce. As the industry grows, so will the specific attacks targeting it.”

Magento Community Edition 1.8 Release – Notable Mention USPS Update

Leave a reply

Magento Community Edition (CE) 1.8.0.0 Release Notes

See the following sections for information about changes in this release:

Highlights

  • Major overhaul of tax calculation formulas, correction of rounding errors, and additional assistance with configuration.
  • Optimized cache adapters for single-server systems
  • Upgraded Redis cache adapters for multi-server systems.
    To set up and use Redis with Magento, see Using Redis with Magento Community Edition (CE) and Enterprise Edition (EE).
  • Eliminated many types of database deadlocks.

Security Enhancements

  • Errors are not displayed in a new Magento installation.
  • Fixed a session fixation vulnerability in the new user registration process. Attackers can no longer abuse this flaw to take over new user accounts during registeration.
  • Prevent a user with limited privileges to delete the Magento installation.
  • Prevent attacks that use OAuth to leak sensitive information to an attacker that knows the consumer key and user token.
  • Resolved an issue that enabled attackers to gain access to billing information.
    We thank Darryl Adia (from Ampersand Commerce) for contributing to this fix.
  • Resolved issues with the security of OAuth tokens and keys.
  • A remote code execution vulnerability was fixed.
    We thank Bastian Ike for contributing to this fix.
  • The Magento Admin Panel and web stores no longer allow web browsers to store user names or passwords.
  • The Magento web store has additional Cross Site Request Forgery (CSRF) protections, meaning an imposter can no longer impersonate a newly registered customer and perform actions on the customer’s behalf.
  • The cryptographic methods used to store passwords were improved to enhance security.

United States Postal Service (USPS) Update

The USPS changed the names of their Priority and Express shipping options in their API in July 2013. To enable you to continue utilizing USPS Priority and Express mail methods, CE 1.8 includes a patch that addresses the issue.

Important: The USPS API patch has an impact on upgrading to CE 1.8 from earlier versions. If you’re doing a new CE 1.8 installation, however, you don’t need to do anything.

Following are details about the upgrade impact:

  • Print all USPS shipping labels before upgrading; after upgrading, you will not be able to print them.
  • Any shopping cart price rules that use the USPS shipping method that created before you upgrade must be re created after you upgrade. Pre-existing USPS shipping methods do not work with shopping cart price rules after the upgrade.

Performance Improvements

  • Limited the way Magento performs large database lookups.
  • Checkout performance improvements achieved by:
    • Eliminating unnecessary RSS cache cleanups when RSS functionality is disabled
    • The locale used to send a new order confirmation e-mail now first checks to see if the customer’s locale is the same as the store’s locale before attempting to localize the e-mail.
    • Improving the overall checkout process performance by loading the progress information for the current checkout step only
  • You can load a large number of tax codes (35,000 or so) without impacting performance.

Tax Calculation Fixes

Tax calculation issues can be divided into the following sections:

General Tax Notes

The following general fixes were made to Magento tax configuration and calculations:

  • Based on Magento testing and merchant experience, certain tax configuration settings have been determined to be susceptible to rounding issues and can be confusing to buyers. To help you avoid issues with those settings, warning messages display in the Admin Panel if you attempt to save such a configuration.
    Administrative users can choose to dismiss the messages and can still save the configuration; however, Magento strongly recommends you change the configuration in a way recommended by the details displayed in the message.
    For details, see Magento CE 1.8 and EE 1.13: Recommended Tax Configurations and Best Practices.
  • Bundle pricing is more consistent as follows:
    • The calculation formula is: Sub item price = Sub item base price * Applicable tiered price adjustment or discount, then rounded Bundle price = Sum (round(sub item price * qty))
    • When non-integer quantities are multiplied by a product price, Magento rounds the resulting subtotal is as follows: round(unit price * non-integer quantity)
  • All product price information on which taxation is based are rounded to two digits of precision regardless of how many digits of precision have been loaded into the database (for example, $10.24 instead of $10.2385). This situation can occur when certain integrations enable third-party applications to send four-digit precision prices to Magento.
    Starting with this release those additional digits will have no impact on customer facing prices. Forcing two digits of precision enables more exact calculations involving Fixed Product Tax (FPT), discounts, and taxes—among other concerns.
  • For certain Canadian provinces and localities, calculations and methods were updated to support changing legal requirements in Canada:
    • Provincial Sales Tax (PST)
    • Goods and Services Tax (GST)
    • Taxe de vente du Québec (TVQ)—also referred to as Quebec Sales Tax (QST)

For details, see Magento CE 1.8 and EE 1.13: Recommended Tax Configurations and Best Practices.

Rounding Error Fixes

The following issues relate to one-cent rounding errors in the web store or shopping cart:

  • Calculating taxes for bundled products with tiered pricing.
  • Calculating the price before customization for bundled products.
  • Calculating the grand total of items added to a cart in a different order.
  • Viewing an order when taxes are calculated after a discount using either row-based or unit price.
  • Applying a discount to an order with a shipping address different than the billing address.
  • Calculating the grand total based on the order in which products are added to the shopping cart.
  • Specifying that prices display in the web store excluding tax and setting a 20% tax rate (or discount rate) now calculates the grand total correctly. It is now possible to have grand totals in amounts like 6.99, 9.99, or 99.99—regardless of the currency units used in the web store.
  • Adding multiple items to a cart does not affect the accuracy with which taxation is calculated.
  • Subtotal (Incl. Tax) is now correct when catalog and shipping prices include tax. Both tax and discounts are applied after tax.
  • Prices displayed in the cart and on the catalog page are consistent and correct when catalog prices include tax, and when items in the catalog are set to display both including and excluding tax.
    (In the Admin Panel, click System > Configuration > SALES > Tax. In the right pane, expand Calculation Settings.)
  • Error in calculating the Grand Total Excl. Tax was resolved. This error occurred in a specific configuration: tax is applied to FPT, FPT is included in the subtotal, and the customer selects non-taxable flat rate shipping.

Fixed Product Tax (FPT) Fixes

The following issues relate to errors in calculating taxes that include FPT in the web store or shopping cart:

  • Price in the cart displays the correct before-tax price and grand total.
  • Subtotals displayed in the cart—both Including Tax and Excluding Tax—are now correctly calculated when FPT is applied.
  • Free shipping offers are now processed correctly when FPT is applied.
  • FPT taxes are calculated correctly when a discount is applied.

Discount Calculation Fixes

The following issues relate to price calculations when coupon codes or other discounts are applied in the web store or shopping cart:

  • The Row Subtotal displayed in the cart is calculated correctly (that is, both Excl. Tax and Incl. Tax are correct).
  • The price for bundled items now displays with tax included if the bundle is configured to do so.
  • Taxation is now correctly calculated on a product with a discounted price.
  • Taxation on discounts is now calculated correctly when the ship-to country is different from the web store’s default country.

Display Fixes

The following issues relate to the incorrect display of tax information in the Admin Panel or in your Magento web store:

  • Row Subtotal displays correctly in the shopping cart when:
    • FPT is applied.
    • A discount is applied to a situation where the tax the customer pays is different from the tax specified for the web store’s locale (for example, when the shipping origin is different than the shipping address).
  • Subtotal including tax on a credit memo is correct when one or more items in the memo includes FPT.
  • Item subtotal displays correctly when a discount is applied to a purchase that includes FPT.
  • If the administrator sets catalog prices to exclude tax and to display product prices in catalog as including tax, the price of the product in your web store includes applicable taxes.
    (In the Admin Panel, click System > Configuration > SALES > Tax. In the right pane, expand Calculation Settings.)
  • The amount of tax displayed in the Order Totals section of the shopping cart is now correct when free shipping and a shopping cart rule discount are applied.

API Fixes

The following are fixed in the Magento SOAP v2.0 APIs (with exceptions noted):

  • Requesting a product using a call like the following returns the product with the specified numeric SKU value (8888 in the following example): $result = $client->call($sessionId, 'catalog_product.info', '8888', null, null, 'sku');
  • Order status is changed correctly using salesOrderAddComment.
  • The shoppingCartProductMoveToCustomerQuote method works properly.
  • You can now use fromto complex filters to perform “window” filtration on a single field. For example, you can use from and to on the created_at return a list of sales orders using the salesOrderList.
  • When you use the SOAP API v.2.0 with WS-I Compliance enabled to retrieve sales orders information, the server responds with the correct Content-Length header.
  • The productGetSpecialPrice method returns special price information for a product, whether or not WS-I Compliance is enabled.
  • The shoppingCartPaymentList method returns the list of the available payment methods for the shopping cart appropriately. The following error is no longer returned: SOAP-ERROR: Encoding: object has no 'code' property in name
  • The following issues with WSDL and WS-I Compliance are resolved:
  • XML-RPC API: Using the product_custom_option.add operation with multicall no longer results in redundant options.

Fixes

Fixes in this release can be divided into the following categories:

Web Store and Shopping Cart Fixes

  • A customer’s account created date is correct.
  • When a product price is set with website scope and an administrative user has access to only one website, the default price is taken from that website scope. Also, when saving the product on the website scope, the price is updated only in that scope and not in the default scope.
  • An error no longer displays on your web store after a customer places an order. (The error message was There has been an error processing your request. Please contact us or try again later).
  • Restricted coupon codes work properly, even if the customer has selected the Remember me check box.
  • Using the Table Rates shipping option, free shipping options work properly. (In the Admin Panel, click System > Configuration > SALES > Shipping Methods. In the right pane, expand Table Rates.)
  • Issues with shipping table rates have been resolved.
  • Entering a value such as 10,50 (using a comma character and not a period) for Adjustment Fee now results in the correct amount of credit being applied to the transaction.
  • Unit price for bundled products is now calculated correctly.
  • The tiered price of bundled items now displays properly on the web store.
  • Composite products can be successfully reordered.
  • You can now use special characters in a product URL key.
  • After a customer visits the sitemap, web stores URLs are no longer prepended by /sitemap/catalog/string.
  • Welcome messages now display properly in the web store after a customer’s profile information is changed.
  • Recently viewed products now display updates properly.
  • Armed Forces Middle East is now available for State when checking out.
  • Searching for a customer’s orders and returns works properly.
  • Shipping is calculated correctly if you select Using origin weight (few requests) for Packages Request Type. (In the Admin Panel, click System > Configuration > SALES > Shipping Methods > DHL (Deprecated)).
  • Free shipping is no longer available to a customer during checkout if the option was disabled by an administrator. (In the Admin Panel, click System > Configuration > Sales > Shipping Method > DHL(Deprecated), click one or more options from the Allowed Methods list, and, from the Free Shipping with Minimum Order Amount list, click No.)
  • A user can navigate your web store while downloading a downloadable product.
  • You can now specify weight units in kilograms (kg) using the FedEx shipping method.
  • FedEx shipping rates are now consistent with Magento discounted rates.
  • Fixed issues with United Parcel Service (UPS) shipping rates.
  • UPS shipping labels have the word SAMPLE printed on them only when you request a sample label.
  • Changes made to United States Post Office (USPS) APIs and rates have been incorporated in Magento.
  • The products in a customer’s wish list no longer disappear after one or more products are edited by an administrator.
  • Administrators can view the contents of a customer’s shopping cart.
  • When a customer selects a product on your web store, the assigned category is selected in the navigation menu.

Promotional Price Rule Fixes

The following fixes relate to administering and using shopping cart price rules and catalog price rules:

  • Shopping cart price rules applied to specific customer groups work properly.
  • Catalog price rules are applied properly to customer groups.
  • The scope of a product attribute is now honored by a catalog price rule.
  • Discounts specified by a shopping cart price rule are applied properly when a particular order is shipped to multiple addresses.
  • A discount specified by a shopping cart price rule that allows for more than one use per customer is applied the correct number of times if the customer has their orders shipped to more than one address.
  • When an administrative user whose role is restricted to only viewing catalog price rules, the user cannot add or edit catalog price rules.
  • Shopping cart price rules now work properly with bundled products.

Administrative Ordering and Credit Memo Fixes

  • When you create an order using the Admin Panel and you have multiple stores, the State/Province field updates appropriately for the country in which the order is placed.
  • When you create an order using the Admin Panel and you have specified a default billing address and a default shipping address, the addresses are used correctly.
  • Orders placed by an administrator display in a customer’s last order list.
  • Product comparisons now display properly when an administrator makes a change using the Admin Panel (for example, deleting a product from a customer’s comparison list).
  • You can now cancel an order using the Admin Panel.
  • Orders and invoices that include taxable shipping—when created in the Admin Panel—now calculate the shipping taxes properly.
  • Products added to a customer’s wish list by an administrator display properly.

Import Fixes

  • The quantity (QTY) of all products imports correctly.
  • The value of Maximum Qty Allowed in Shopping Cart (use_cfg_max_sale_qty) is correct.
  • The product displays correctly in layered navigation.
  • Importing customer lists with capitalization variations in the e-mail address now imports the customer only once (for example, user@example.com and User@example.com).
  • Issues with importing products with Append Complex Data selecting from a comma-separated value (.csv) file have been resolved.

Payment Method Fixes

  • Resolved issue sending customer e-mail when using Payflow Link.
  • Security issues with Google Checkout payments have been resolved.
  • Security issues with Authorize.net payments have been resolved.
  • Magento conforms to the latest version of the PayPal Instant Payment Notification (IPN) guidelines.
  • The contents of a shopping cart are unaffected by canceling a PayPal payment.
  • Issues with not being able to continue checkout after switching payment methods have been resolved.
  • You can now process partial refunds and invoices for orders that were placed using Payflow Pro.
  • Payflow Link and Payments Advance now capture IPN transactions properly.
  • Special characters (such as e-mail addresses) are now handled properly by the Magento Payflow API integration.
  • Resolved errors with orders placed using the Website Payments Pro payment method.
  • PayPal Express Checkout payments are handled properly when a shopping cart price rule is specified.
  • Any PayPal Name-Value Pair (NVP) payment method no longer automatically refunds an order when a chargeback is initiated. Magento now allows the dispute to be resolved before taking the appropriate action.
    PayPal NVP payment methods include: PayPal Payments Pro (including PayPal Payments Pro Hosted), Payments Standard, and all Payflow methods.
  • PayPal Pro now correctly processes the shipping address for an order.
  • PayPal Express Checkout and PayPal Pro now handle partial refunds properly.
  • Fixed rounding errors that were preventing PayPal Express Checkout transactions from completing. The error occurred with the following configuration:
    • tax calculation method based on the total
    • tax calculated based on the shipping address
    • catalog prices exclude tax
    • shipping prices exclude tax
    • customer discount applied after a discount
    • discount applied to prices excluding tax
    • tax applied to a custom price if available
      (In the Admin Panel, click System > Configuration > SALES > Tax. In the right pane, expand Calculation Settings.)
  • The order status Suspected Fraud is now supported by PayPal Payments Pro (hosted) when PayPal fraud protection is enabled. Using the Magento Admin Panel, the merchant can also accept or deny any Suspected Fraud orders and have that decision applied to the PayPal transaction.
  • When sending payments in the United Kingdom, PayPal Payments Pro (hosted) now sends the value for state correctly. (Before the fix, city was sent as the value for state.)
  • Using the Ogone payment method, transactions display in the Magento Admin Panel after you capture them.
  • When an administrator places an order and uses PSi Gate, then cancels the order, the PSi Gate gateway displays both the order and the void transactions.
  • The following fields related to PayPal’s Payflow Pro Gateway payment method are now implemented properly:
  • Fixed spurious Gateway error: Void error: V18A4B18E0F9 has been captured errors when canceling partially invoiced orders when the Payflow Pro processor was used to process the payment.
  • 3-D secure fixes that affect UK merchants only:
    • 3-D Secure for UK merchants implementing Direct Payment works properly.
    • SagePay Direct with 3-D secure payments are processed correctly.
  • The Braintree payment method can now be configured properly.
  • Partial captures are now supported for the following PayPal payment methods: Express Checkout, Payments Pro Payflow Edition, and PayPal Standard.
  • Using the PayPal Express Checkout method, a recently added customer can check out without the error This customer email already exists.

Other Fixes

  • Issues regarding the DHL shipping method for shippig orders on holidays have been resolved as follows:
    • If the current date is a weekend, Magento chooses next Monday as the shipping date.
    • If the current date is a holiday, Magento requests from DHL information about the next five consecutive days to find a workday on which to ship the order.
    • If there is workday in the five consecutive days following a holiday, the DHL shipping method is unavailable.
  • The .htaccess.sample provided with Magento now includes php_value memory_limit 512M to be consistent with the Magento system requirements.
  • You can now install or upgrade to EE 1.13.0.2 if your Magento database had a table prefix (for example, all tables start with mage_ because you specified a tables prefix during installation).
  • MySQL database deadlock issues were resolved.
  • CE 1.8 is now World Wide Web Consortium (W3C) compliant.
  • When an administrative user whose role is restricted to managing products attempts to edit Inventory settings (Catalog > Manage Products, Inventory), only the available options display.
  • Related product information updates appropriately in the Admin Panel.
  • Issues with editing product inventory settings and category attributes using the Google Chrome web browser have been resolved.
  • Rolling back after a backup now works properly. (The Magento backup and rollback options are available in the Admin Panel in System > Tools > Backup.)
  • You can now fetch data for a PayPal Settlement Report using a custom Secure FTP (SFTP) server.
  • You can now save a category with the option Available Product Listing Sort By: Best value or Price enabled.

I want my customers to be able to buy even if I do not have the product in stock. How do I do that? = Turn on Back Ordering Capabilities in Magento

Leave a reply

I often get individuals asking – “I want my customers to be able to buy even if I do not have the product in stock. How can I allow them to buy still? And ship once I have it in stock.”

The answer = Turn on Magento’s Back Order capabilities.

Back Order – a business order yet to be fulfilled because stock is unavailable.

To enable backorders, go to:Admin Panel -> System -> Configuration -> Catalog Tab -> Inventory -> Product Stock Options -> Backorders = Allow Qty Below 0 and Notify Customer Edit Product to Qty = 0 and Stock Availability = In Stock

When you add the particular product to cart, the product is added to cart and you will see the following message:* This product is not available in the requested quantity. 1 of the items will be backordered.You can order the product even if it is out of stock. The product will be delivered to you when it is in stock.

Ebay Acquires Magento!

Leave a reply

eBay Agrees to Acquire Magento

The past several years have been an amazing journey for Magento, as we’ve grown from a new open source platform into an eCommerce leader. Along the way, we’ve built not only a platform, but a company and a worldwide community. Together, we’ve identified opportunities, taken risks, innovated, struggled, succeeded, and changed the face of eCommerce. Today marks a milestone on this journey as we announce the most exciting news in our company’s history.

Magento has reached an agreement to be acquired by eBay Inc. We believe this move will open incredible opportunities for the entire Magento ecosystem.

The Big Picture

Why is this acquisition so exciting for all of us? eBay is evolving to become a strategic commerce partner focused on delivering new ways for merchants of all sizes to drive innovation. As a centerpiece of this strategy, they are building a global, open commerce platform that leverages the worldwide developer community. And Magento will be at the core of this new, open commerce platform, called “X.Commerce.”

Magento & eBay

As many of you know, Magento has had a relationship with eBay for some time. In March 2010, eBay became our first outside investor. Over the past year, eBay has gotten to know our platform, our culture, and our community. They have experienced the passion of the Magento ecosystem, and they are eager to harness the power of this ecosystem to create the next generation of eCommerce innovation.

Magento Forward: The Details

How will this acquisition impact our organization, customers and partners? It’s too soon to know all the details, but there are a few things we know. Magento will continue to operate out of LA, with Yoav Kutner and me as its leaders following the closing. We’ll continue building our team and our enhancing our product line, including the Magento Community, Enterprise, and Mobile Editions, as well as Magento Go and the Magento Go Platform. And we’ll continue strengthening our training, education, packaged consulting services and support efforts around the world.

Through it all, we’ll be collaborating with our colleagues at eBay on developing the X.Commerce platform and defining the next generation of eCommerce innovation.

Yoav and I recorded a short video message for the community – you can find it on our blog, along with FAQs about the pending acquisition.

Creating The Future Together

To all the members the Magento family: we thank you for all the passion, expertise and hard work that you’ve invested in Magento. Thanks to you, Magento finds itself exactly where we’ve always aimed to be: at the core of eCommerce. We are thrilled to become part of a larger organization that recognizes – as we always have – that the future of eCommerce is global, innovative and open. We look forward to creating that future with all of you.

Warm Regards,

Roy Rubin
Co-Founder and CEO, Magento

Magento’s eCommerce Stimulus Fund

Leave a reply

Magento’s eCommerce Stimulus Fund

http://www.magentocommerce.com/go/1-million/

Magento has launched a $1 Million stimulus fund to help you get started. You can use this money to run your Magento Go online store free for a year!

But, funds are limited and we are distributing them on a first-come first-serve basis, so you’ll have to hurry if you want to claim your share.

Here’s how it works:

1) Start a free 30-day trial of Magento Go
2) Complete all the steps required to launch your store
3) Select a Magento Plan

What you Get:

$15/month credit towards your Magento Go Store for 1 year

So, what are you waiting for? A handout? Well, here it is. We can’t build the store for you, so get going and start your free trial.

Magento GO and e-mail address concerns

1 Reply

Magento Go does not provide you with e-mail hosting… No worries we have options.

Most likely if you are creating a Magento Go store you already have a custom domain i.e. yourdomain.com.
Magento Go being as awesome as it is is not an e-mail hosting provider.

Here are a few alternatives.

Google Apps – Google Apps has two different versions a free version for up to 50 users with limited capability or Google Apps for Business which is $50 per user per year.

Other e-mail services you can use are ones provided from domain registrar or your previous webhost.

GoDaddy, Rackspace, HostGator, FuseMail and more.

Magento Commerce – Popular but worth it?

Leave a reply

Magento is becoming quite popular and magento developers are in demand.

So here is a short Good VS Bad of Magento

GOOD

Magento Commerce beats the competition all around.  Why?

– Magento Commerce allows for multiple stores and store fronts

– Magento Commerce can be extended very easily

– Magento Commerce has a large community that is growing exponentially

– Magento Commerce is secure and scalable

– Magento is Object Oriented

BAD

– Magento Commerce is bulky and huge

Let me know your thoughts!

How to Reduce Notification Update Frequency in Magento

1 Reply

Ever get annoyed with the numerous notifications you receive from Varien/Magento regarding versions being stable or available?

When Varien releases a new update to Magento it is an RSS feed which will announce a certain version is stable (even though you have just installed this version).  Thus below is a simple tip to remove those frequent notifications or simple having it update you every 24 hours.

To accomplish this task you will need to do the following

SYSTEM -> CONFIGURATIOn and then scroll all the way to the bottom and select “SYSTEM” on the ADVANCED menu to the left.

On the right hand side click NOTIFICATION which will then expand the drop down menu.

Select your frequency – (I recommend 24 hours) then click SAVE CONFIGURATION

By doing this simple tip – this will reduce the load on you server .  Now imagine if everyone on the server did this?

3 tips to boost performance and speed of magento store

Leave a reply

Here are some tips to help boost the performance and speed of your Magento store:

Disable Access Time Logging

For Linux servers, if you have access-time logging enabled on any of your mysql, web server or cache partitions, you might want to try turning it off for a performance boost. If you’re using ext3 or reiserfs there may be faster journal write methods you can use. For more information go to Linux.com.

Enable KeepAlives in Apache

First, you will need to make sure your Apache configuration has KeepAlives enabled. KeepAlives allow multiple HTTP requests to be funneled through a single TCP connection. Since the setup of each TCP connection incurs additional time, this can significantly reduce the time it takes to download all the files (HTML, JavaScript, images) for a website. For more information go to Apache.org.

Memory Based File Systems

Are you using a memory-based filesystem such as tmpfs? These help Magento move faster because of all the reads/writes. Magento makes extensive use of file-based storage for caching and session storage. One of the slowest components in a server may be the hard drive, so if you use a memory-based filesystem such as tmpfs, you can save on all those disk IO cycles by storing these temporary files in memory instead of storing them on your hard drive.