From 7f6453944e7684185dcb37a6a966156df3c870a4 Mon Sep 17 00:00:00 2001 From: Tim Starling Date: Sun, 13 Jan 2008 03:47:07 +0000 Subject: [PATCH] Revert r29671, it was based on a misunderstanding of the purpose of the LoggedOut cookie. The LoggedOut cookie is there to suppress the client-side cache, not the server-side cache. It prevents privately cached logged-in pages from being displayed after the user logs out. Feel free to special-case it in squid if you're worried about the server-side cache hit ratio, but note that IMS requests would need special handling. * Credential data in the session is destroyed, so the session is harmless. But it is still useful for abuse tracking (logout/login sequences) and similar analysis. * Not much point in removing the username persistence feature if you can't improve the squid cache hit ratio, which was obviously your goal. --- includes/User.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/includes/User.php b/includes/User.php index c0acf5becf..6734c322ee 100644 --- a/includes/User.php +++ b/includes/User.php @@ -1977,13 +1977,12 @@ class User { $this->clearInstanceCache( 'defaults' ); $_SESSION['wsUserID'] = 0; - + setcookie( $wgCookiePrefix.'UserID', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); setcookie( $wgCookiePrefix.'Token', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); - setcookie( $wgCookiePrefix.'UserName', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); - setcookie( $wgCookiePrefix.'LoggedOut', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); - setcookie( session_name(), '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); - session_destroy(); + + # Remember when user logged out, to prevent seeing cached pages + setcookie( $wgCookiePrefix.'LoggedOut', wfTimestampNow(), time() + 86400, $wgCookiePath, $wgCookieDomain, $wgCookieSecure ); } /** -- 2.20.1