From 43420a0506b3115833d4b5d11b9e56579a967cdd Mon Sep 17 00:00:00 2001
From: Ori Livneh <ori@wikimedia.org>
Date: Wed, 24 Feb 2016 15:32:57 -0800
Subject: [PATCH] SessionBackend: skip isUserSessionPrevented check for anons

For anon requests, the call to SessionManager::isUserSessionPrevented(
$this->user->getName() ) is both expensive (because of the need to
sanitize the IP) and pointless, because the session-prevention feature
is intended for named accounts. So short-circuit the check if the user is not
logged in.

Change-Id: I17386b97e229b492723b46db1e1ae16fd4b0fc5a
---
 includes/session/SessionBackend.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/includes/session/SessionBackend.php b/includes/session/SessionBackend.php
index 0a9191b123..0424a2da07 100644
--- a/includes/session/SessionBackend.php
+++ b/includes/session/SessionBackend.php
@@ -572,7 +572,9 @@ final class SessionBackend {
 	 * @param bool $closing Whether the session is being closed
 	 */
 	public function save( $closing = false ) {
-		if ( $this->provider->getManager()->isUserSessionPrevented( $this->user->getName() ) ) {
+		$anon = $this->user->isAnon();
+
+		if ( !$anon && $this->provider->getManager()->isUserSessionPrevented( $this->user->getName() ) ) {
 			$this->logger->debug(
 				'SessionBackend "{session}" not saving, user {user} was ' .
 				'passed to SessionManager::preventSessionsForUser',
@@ -585,7 +587,6 @@ final class SessionBackend {
 
 		// Ensure the user has a token
 		// @codeCoverageIgnoreStart
-		$anon = $this->user->isAnon();
 		if ( !$anon && !$this->user->getToken( false ) ) {
 			$this->logger->debug(
 				'SessionBackend "{session}" creating token for user {user} on save',
-- 
2.20.1