ini_set( 'session.use_cookies', 0 );
ini_set( 'session.use_trans_sid', 0 );
+ // T124510: Disable automatic PHP session related cache headers.
+ // MediaWiki adds it's own headers and the default PHP behavior may
+ // set headers such as 'Pragma: no-cache' that cause problems with
+ // some user agents.
+ session_cache_limiter( '' );
+
// Also set a sane serialization handler
\Wikimedia\PhpSessionSerializer::setSerializeHandler();
throw new \BadMethodCallException( 'Attempt to use PHP session management' );
}
- $session = $this->manager->getSessionById( $id, true );
+ $session = $this->manager->getSessionById( $id, false );
if ( !$session ) {
return '';
}
throw new \BadMethodCallException( 'Attempt to use PHP session management' );
}
- $session = $this->manager->getSessionById( $id );
+ $session = $this->manager->getSessionById( $id, true );
+ if ( !$session ) {
+ // This can happen under normal circumstances, if the session exists but is
+ // invalid. Let's emit a log warning instead of a PHP warning.
+ $this->logger->warning(
+ __METHOD__ . ': Session "{session}" cannot be loaded, skipping write.',
+ array(
+ 'session' => $id,
+ ) );
+ return true;
+ }
// First, decode the string PHP handed us
$data = \Wikimedia\PhpSessionSerializer::decode( $dataStr );
$changed = false;
$cache = isset( $this->sessionFieldCache[$id] ) ? $this->sessionFieldCache[$id] : array();
foreach ( $data as $key => $value ) {
- if ( !isset( $cache[$key] ) ) {
+ if ( !array_key_exists( $key, $cache ) ) {
if ( $session->exists( $key ) ) {
// New in both, so ignore and log
$this->logger->warning(
// (but not if $_SESSION can't represent it at all)
\Wikimedia\PhpSessionSerializer::setLogger( new \Psr\Log\NullLogger() );
foreach ( $cache as $key => $value ) {
- if ( !isset( $data[$key] ) && $session->exists( $key ) &&
+ if ( !array_key_exists( $key, $data ) && $session->exists( $key ) &&
\Wikimedia\PhpSessionSerializer::encode( array( $key => true ) )
) {
if ( $cache[$key] === $session->get( $key ) ) {
if ( !$this->enable ) {
throw new \BadMethodCallException( 'Attempt to use PHP session management' );
}
- $session = $this->manager->getSessionById( $id, true );
+ $session = $this->manager->getSessionById( $id, false );
if ( $session ) {
$session->clear();
}