Merge "build: Bump grunt-contrib-jshint from 0.11.3 to 0.12.0"

[lhc/web/wiklou.git] / includes / session / PHPSessionHandler.php

diff --git a/includes/session/PHPSessionHandler.php b/includes/session/PHPSessionHandler.php
index c59cc96..795e253 100644 (file)
--- a/includes/session/PHPSessionHandler.php
+++ b/includes/session/PHPSessionHandler.php
@@ -123,6 +123,12 @@ class PHPSessionHandler {
                ini_set( 'session.use_cookies', 0 );
                ini_set( 'session.use_trans_sid', 0 );
 
+               // T124510: Disable automatic PHP session related cache headers.
+               // MediaWiki adds it's own headers and the default PHP behavior may
+               // set headers such as 'Pragma: no-cache' that cause problems with
+               // some user agents.
+               session_cache_limiter( '' );
+
                // Also set a sane serialization handler
                \Wikimedia\PhpSessionSerializer::setSerializeHandler();
 
@@ -208,7 +214,7 @@ class PHPSessionHandler {
                        throw new \BadMethodCallException( 'Attempt to use PHP session management' );
                }
 
-               $session = $this->manager->getSessionById( $id, true );
+               $session = $this->manager->getSessionById( $id, false );
                if ( !$session ) {
                        return '';
                }
@@ -236,7 +242,17 @@ class PHPSessionHandler {
                        throw new \BadMethodCallException( 'Attempt to use PHP session management' );
                }
 
-               $session = $this->manager->getSessionById( $id );
+               $session = $this->manager->getSessionById( $id, true );
+               if ( !$session ) {
+                       // This can happen under normal circumstances, if the session exists but is
+                       // invalid. Let's emit a log warning instead of a PHP warning.
+                       $this->logger->warning(
+                               __METHOD__ . ': Session "{session}" cannot be loaded, skipping write.',
+                               array(
+                                       'session' => $id,
+                       ) );
+                       return true;
+               }
 
                // First, decode the string PHP handed us
                $data = \Wikimedia\PhpSessionSerializer::decode( $dataStr );
@@ -250,7 +266,7 @@ class PHPSessionHandler {
                $changed = false;
                $cache = isset( $this->sessionFieldCache[$id] ) ? $this->sessionFieldCache[$id] : array();
                foreach ( $data as $key => $value ) {
-                       if ( !isset( $cache[$key] ) ) {
+                       if ( !array_key_exists( $key, $cache ) ) {
                                if ( $session->exists( $key ) ) {
                                        // New in both, so ignore and log
                                        $this->logger->warning(
@@ -285,7 +301,7 @@ class PHPSessionHandler {
                // (but not if $_SESSION can't represent it at all)
                \Wikimedia\PhpSessionSerializer::setLogger( new \Psr\Log\NullLogger() );
                foreach ( $cache as $key => $value ) {
-                       if ( !isset( $data[$key] ) && $session->exists( $key ) &&
+                       if ( !array_key_exists( $key, $data ) && $session->exists( $key ) &&
                                \Wikimedia\PhpSessionSerializer::encode( array( $key => true ) )
                        ) {
                                if ( $cache[$key] === $session->get( $key ) ) {
@@ -331,7 +347,7 @@ class PHPSessionHandler {
                if ( !$this->enable ) {
                        throw new \BadMethodCallException( 'Attempt to use PHP session management' );
                }
-               $session = $this->manager->getSessionById( $id, true );
+               $session = $this->manager->getSessionById( $id, false );
                if ( $session ) {
                        $session->clear();
                }