Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Call session_cache_limiter() before starting a session

Browse source 
Call `session_cache_limiter( 'private, must-revalidate' );` before
starting a session to specify the cache control headers that PHP will
automatically emit. The calls are wrapped in MediaWiki\quietCall to
suppress "headers have already been sent" warnings that may come from PHP.

If not called explicitly PHP will default to using
the value of the session.cache_limiter ini setting. Some values of that
setting will cause PHP to add a "Pragma: no-cache" header to the
response. Certain user agents (e.g. Firefox) treat that particular
header as a signal to aggressively flush the response from local cache
to the point that back button navigation will not work.

The value used was present in `wfSetupSession` prior to a73c5b7.

Bug: T124510
Change-Id: I942f8420c39c8cec5781ea8f6cc5619fd15f13cd
This commit is contained in:
Bryan Davis 2016-01-25 10:04:29 -07:00
parent 31d4359b45
commit 7491b52f70
4 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
includes/GlobalFunctions.php
View file

@ -3082,7 +3082,7 @@ function wfSetupSession( $sessionId = false ) {
if ( session_id() !== $session->getId() ) {
session_id( $session->getId() );
}
MediaWiki\quietCall( 'session_cache_limiter', 'private, must-revalidate' );
MediaWiki\quietCall( 'session_start' );
}

1
includes/Setup.php
View file

@ -738,6 +738,7 @@ if ( !defined( 'MW_NO_SESSION' ) && !$wgCommandLineMode ) {
) {
// Start the PHP-session for backwards compatibility
session_id( $session->getId() );
MediaWiki\quietCall( 'session_cache_limiter', 'private, must-revalidate' );
MediaWiki\quietCall( 'session_start' );
}
}

1
includes/context/RequestContext.php
View file

@ -594,6 +594,7 @@ class RequestContext implements IContextSource, MutableContext {
$wgUser = $context->getUser(); // b/c
if ( $session && MediaWiki\Session\PHPSessionHandler::isEnabled() ) {
session_id( $session->getId() );
MediaWiki\quietCall( 'session_cache_limiter', 'private, must-revalidate' );
MediaWiki\quietCall( 'session_start' );
}
$request = new FauxRequest( array(), false, $session );

1
includes/session/SessionBackend.php
View file

@ -643,6 +643,7 @@ final class SessionBackend {
) {
$this->logger->debug( "SessionBackend $this->id: Taking over PHP session" );
session_id( (string)$this->id );
\MediaWiki\quietCall( 'session_cache_limiter', 'private, must-revalidate' );
\MediaWiki\quietCall( 'session_start' );
}
}