Follow up to
7491b52. The 'private, must-revalidate' argument to
session_cache_limiter() does not match any expected values for the
function. This results in the PHP runtime treating it like the
documented empty string argument which completely disables the automatic
addition of cache related headers. Change the implementation to use the
empty string argument explicitly rather than continuing to rely on
the undocumented and potentially confusing existing behavior.
session_cache_limiter( '' ) is called unconditionally in
MediaWiki\Session\PHPSessionHandler::install(). This is safe now that it
is understood that we are disabling the setting of the automatic
headers.
Bug: T124510
Change-Id: I63164f8b7a408e370ff01dead42be27a0135dd35
if ( session_id() !== $session->getId() ) {
session_id( $session->getId() );
}
- MediaWiki\quietCall( 'session_cache_limiter', 'private, must-revalidate' );
MediaWiki\quietCall( 'session_start' );
}
) {
// Start the PHP-session for backwards compatibility
session_id( $session->getId() );
- MediaWiki\quietCall( 'session_cache_limiter', 'private, must-revalidate' );
MediaWiki\quietCall( 'session_start' );
}
}
$wgUser = $context->getUser(); // b/c
if ( $session && MediaWiki\Session\PHPSessionHandler::isEnabled() ) {
session_id( $session->getId() );
- MediaWiki\quietCall( 'session_cache_limiter', 'private, must-revalidate' );
MediaWiki\quietCall( 'session_start' );
}
$request = new FauxRequest( array(), false, $session );
ini_set( 'session.use_cookies', 0 );
ini_set( 'session.use_trans_sid', 0 );
+ // T124510: Disable automatic PHP session related cache headers.
+ // MediaWiki adds it's own headers and the default PHP behavior may
+ // set headers such as 'Pragma: no-cache' that cause problems with
+ // some user agents.
+ session_cache_limiter( '' );
+
// Also set a sane serialization handler
\Wikimedia\PhpSessionSerializer::setSerializeHandler();
) {
$this->logger->debug( "SessionBackend $this->id: Taking over PHP session" );
session_id( (string)$this->id );
- \MediaWiki\quietCall( 'session_cache_limiter', 'private, must-revalidate' );
\MediaWiki\quietCall( 'session_start' );
}
}