From cc586b28c81d45db105c7e375eefa741700fcb06 Mon Sep 17 00:00:00 2001
From: Tom Gilder <tomgilder@users.mediawiki.org>
Date: Tue, 18 Jan 2005 02:24:19 +0000
Subject: [PATCH] Don't show cached logged-in pages to logged-out users (bug
 63)

---
 includes/OutputPage.php |  2 +-
 includes/User.php       | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/includes/OutputPage.php b/includes/OutputPage.php
index a9ce24ffad..2903e0dbce 100644
--- a/includes/OutputPage.php
+++ b/includes/OutputPage.php
@@ -112,7 +112,7 @@ class OutputPage {
 			$ismodsince = wfTimestamp( TS_MW, strtotime( $modsince ) );
 			wfDebug( "-- client send If-Modified-Since: " . $modsince . "\n", false );
 			wfDebug( "--  we might send Last-Modified : $lastmod\n", false );
-			if( ($ismodsince >= $timestamp ) and $wgUser->validateCache( $ismodsince ) ) {
+			if( ($ismodsince >= $timestamp ) && $wgUser->validateCache( $ismodsince ) && !$wgUser->wasLoggedInAt( $ismodsince )) {
 				# Make sure you're in a place you can leave when you call us!
 				header( "HTTP/1.0 304 Not Modified" );
 				$this->mLastModified = $lastmod;
diff --git a/includes/User.php b/includes/User.php
index ffd7e0cca7..c347f3030e 100644
--- a/includes/User.php
+++ b/includes/User.php
@@ -899,6 +899,10 @@ class User {
 		} else {
 			setcookie( $wgDBname.'Token', '', time() - 3600 );
 		}
+
+		# Clear previous logged out time, set logged in time
+		setcookie( $wgDBname.'LoggedOut', '', time() - 3600, $wgCookiePath, $wgCookieDomain );
+		setcookie( $wgDBname.'LoggedIn', wfTimestampNow(), time() + 86400, $wgCookiePath, $wgCookieDomain );
 	}
 
 	/**
@@ -914,6 +918,9 @@ class User {
 
 		setcookie( $wgDBname.'UserID', '', time() - 3600, $wgCookiePath, $wgCookieDomain );
 		setcookie( $wgDBname.'Token', '', time() - 3600, $wgCookiePath, $wgCookieDomain );
+
+		# Remember when user logged out, to prevent seeing cached pages
+		setcookie( $wgDBname.'LoggedOut', wfTimestampNow(), time() + 86400, $wgCookiePath, $wgCookieDomain );
 	}
 
 	/**
@@ -1177,6 +1184,20 @@ class User {
 		}
 		return false;
 	}
+
+	/**
+	 * Check if the user was logged on at a certain timestamp, but no longer is.
+	 * @param int $timestamp Timestamp to check.
+	 * @return bool True if user was logged in.
+	 */
+	function wasLoggedInAt( $timestamp ) {
+		global $wgDBname;
+
+		if ( !$this->getID() && isset( $_COOKIE[$wgDBname.'LoggedIn'] ) && isset( $_COOKIE[$wgDBname.'LoggedOut'] ) )
+			return ( $timestamp >= $_COOKIE[$wgDBname.'LoggedIn'] && $timestamp <= $_COOKIE[$wgDBname.'LoggedOut'] );
+		else
+			return false;
+	}
 }
 
 ?>
-- 
2.20.1