Revert r29671, it was based on a misunderstanding of the purpose of the LoggedOut...

* Credential data in the session is destroyed, so the session is harmless. But it is still useful for abuse tracking (logout/login sequences) and similar analysis.
* Not much point in removing the username persistence feature if you can't improve the squid cache hit ratio, which was obviously your goal.

diff --git a/includes/User.php b/includes/User.php
index c0acf5b..6734c32 100644 (file)
--- a/includes/User.php
+++ b/includes/User.php
@@ -1977,13 +1977,12 @@ class User {
                $this->clearInstanceCache( 'defaults' );
 
                $_SESSION['wsUserID'] = 0;
-               
+
                setcookie( $wgCookiePrefix.'UserID', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
                setcookie( $wgCookiePrefix.'Token', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
-               setcookie( $wgCookiePrefix.'UserName', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
-               setcookie( $wgCookiePrefix.'LoggedOut', '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
-               setcookie( session_name(), '', time() - 3600, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
-               session_destroy();
+
+               # Remember when user logged out, to prevent seeing cached pages
+               setcookie( $wgCookiePrefix.'LoggedOut', wfTimestampNow(), time() + 86400, $wgCookiePath, $wgCookieDomain, $wgCookieSecure );
        }
 
        /**