From 52ffe630f4bfb44f625df10e6232190a43b3925a Mon Sep 17 00:00:00 2001 From: Aaron Schulz Date: Thu, 9 Jul 2015 14:32:04 -0700 Subject: [PATCH] importScopedSession() comment updates Change-Id: I9c545a2c255d2af0826499754555b2e0d95159fb --- includes/context/RequestContext.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/includes/context/RequestContext.php b/includes/context/RequestContext.php index e676ec96fb..99c1a062a6 100644 --- a/includes/context/RequestContext.php +++ b/includes/context/RequestContext.php @@ -494,15 +494,17 @@ class RequestContext implements IContextSource { /** * Import an client IP address, HTTP headers, user ID, and session ID * - * This sets the current session and sets $wgUser and $wgRequest. + * This sets the current session, $wgUser, and $wgRequest from $params. * Once the return value falls out of scope, the old context is restored. - * This method should only be called in contexts (CLI or HTTP job runners) - * where there is no session ID or end user receiving the response. This + * This method should only be called in contexts where there is no session + * ID or end user receiving the response (CLI or HTTP job runners). This * is partly enforced, and is done so to avoid leaking cookies if certain * error conditions arise. * - * This will setup the session from the given ID. This is useful when - * background scripts inherit context when acting on behalf of a user. + * This is useful when background scripts inherit context when acting on + * behalf of a user. In general the 'sessionId' parameter should be set + * to an empty string unless session importing is *truly* needed. This + * feature is somewhat deprecated. * * @note suhosin.session.encrypt may interfere with this method. * -- 2.20.1