* @since 1.21
*/
public function exportSession() {
- $session = MediaWiki\Session\SessionManager::getGlobalSession();
return array(
'ip' => $this->getRequest()->getIP(),
'headers' => $this->getRequest()->getAllHeaders(),
- 'sessionId' => $session->isPersistent() ? $session->getId() : '',
+ 'sessionId' => session_id(),
'userId' => $this->getUser()->getId()
);
}
* @since 1.21
*/
public static function importScopedSession( array $params ) {
- if ( strlen( $params['sessionId'] ) &&
- MediaWiki\Session\SessionManager::getGlobalSession()->isPersistent()
- ) {
+ if ( session_id() != '' && strlen( $params['sessionId'] ) ) {
// Sanity check to avoid sending random cookies for the wrong users.
// This method should only called by CLI scripts or by HTTP job runners.
throw new MWException( "Sessions can only be imported when none is active." );
global $wgRequest, $wgUser;
$context = RequestContext::getMain();
-
// Commit and close any current session
- if ( MediaWiki\Session\PHPSessionHandler::isEnabled() ) {
- session_write_close(); // persist
- session_id( '' ); // detach
- $_SESSION = array(); // clear in-memory array
- }
-
- // Get new session, if applicable
- $session = null;
- if ( strlen( $params['sessionId'] ) ) { // don't make a new random ID
- $manager = MediaWiki\Session\SessionManager::singleton();
- $session = $manager->getSessionById( $params['sessionId'], true )
- ?: $manager->getEmptySession();
- }
-
- // Remove any user IP or agent information, and attach the request
- // with the new session.
- $context->setRequest( new FauxRequest( array(), false, $session ) );
+ session_write_close(); // persist
+ session_id( '' ); // detach
+ $_SESSION = array(); // clear in-memory array
+ // Remove any user IP or agent information
+ $context->setRequest( new FauxRequest() );
$wgRequest = $context->getRequest(); // b/c
-
// Now that all private information is detached from the user, it should
// be safe to load the new user. If errors occur or an exception is thrown
// and caught (leaving the main context in a mixed state), there is no risk
// of the User object being attached to the wrong IP, headers, or session.
$context->setUser( $user );
$wgUser = $context->getUser(); // b/c
- if ( $session && MediaWiki\Session\PHPSessionHandler::isEnabled() ) {
- session_id( $session->getId() );
- MediaWiki\quietCall( 'session_cache_limiter', 'private, must-revalidate' );
- MediaWiki\quietCall( 'session_start' );
+ if ( strlen( $params['sessionId'] ) ) { // don't make a new random ID
+ wfSetupSession( $params['sessionId'] ); // sets $_SESSION
}
- $request = new FauxRequest( array(), false, $session );
+ $request = new FauxRequest( array(), false, $_SESSION );
$request->setIP( $params['ip'] );
foreach ( $params['headers'] as $name => $value ) {
$request->setHeader( $name, $value );