diff options
| author | Bryan Davis <bd808@wikimedia.org> | 2016-01-25 10:04:29 -0700 |
|---|---|---|
| committer | Bryan Davis <bd808@wikimedia.org> | 2016-01-25 11:23:14 -0700 |
| commit | 7491b52f700e220814a8190781fd794b4dd88a20 (patch) | |
| tree | 6a29dc0a2c246d13b70ff91b9ae1881dac8d2ed4 /includes/session | |
| parent | 31d4359b45a4a8d7174753ba90ee33de685160cb (diff) | |
| download | mediawikicore-7491b52f700e220814a8190781fd794b4dd88a20.tar.gz mediawikicore-7491b52f700e220814a8190781fd794b4dd88a20.zip | |
Call session_cache_limiter() before starting a session
Call `session_cache_limiter( 'private, must-revalidate' );` before
starting a session to specify the cache control headers that PHP will
automatically emit. The calls are wrapped in MediaWiki\quietCall to
suppress "headers have already been sent" warnings that may come from PHP.
If not called explicitly PHP will default to using
the value of the session.cache_limiter ini setting. Some values of that
setting will cause PHP to add a "Pragma: no-cache" header to the
response. Certain user agents (e.g. Firefox) treat that particular
header as a signal to aggressively flush the response from local cache
to the point that back button navigation will not work.
The value used was present in `wfSetupSession` prior to a73c5b7.
Bug: T124510
Change-Id: I942f8420c39c8cec5781ea8f6cc5619fd15f13cd
Diffstat (limited to 'includes/session')
| -rw-r--r-- | includes/session/SessionBackend.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/includes/session/SessionBackend.php b/includes/session/SessionBackend.php index 3c0f69266113..95c6f0c7f687 100644 --- a/includes/session/SessionBackend.php +++ b/includes/session/SessionBackend.php @@ -643,6 +643,7 @@ final class SessionBackend { ) { $this->logger->debug( "SessionBackend $this->id: Taking over PHP session" ); session_id( (string)$this->id ); + \MediaWiki\quietCall( 'session_cache_limiter', 'private, must-revalidate' ); \MediaWiki\quietCall( 'session_start' ); } } |