path: root/includes/session/SessionProviderInterface.php
Commit message | Author | Age | Files | Lines
* Move Language and friends into Language namespace | James D. Forrester | 2024-08-10 | 1 | -1/+1
  Bug: T353458
  Change-Id: Id3202c0c4f4a2043bf97b7caee081acab684155c
* Namespace Message, move to appropriate directory | James D. Forrester | 2024-02-14 | 1 | -1/+1
  Bug: T353458
  Change-Id: I088cbc53fbcdb974e5b05b45a62e91709dacc024
* SessionProvider: add ability to declare maintenance users | Erik Bernhardson | 2024-01-24 | 1 | -0/+8
  Adds a new method to the SessionProviderInterface that declares if the
  session provider is exempt from user creation authorization. This is
  intended to support use cases where the SessionProvider is providing
  access to maintenance related users external to MediaWiki itself. For
  example in a supporting application to a wiki farm. This lets the
  SessionProvider declare that account creation, in its context, is
  allowable even if anonymous account registration is disabled.
  Bug: T345185
  Change-Id: Iab3d93a3457e73eff408c1938fbdcb01d8be9a7a
* Allow SessionProviderInterface to say if it is safe against CSRF | Bill Pirkle | 2020-03-11 | 1 | -0/+6
  Most SessionProviderInterface implementations require CSRF protection,
  but some (notably MWOAuthSessionProvider from the OAuth extension) do
  not. Add a function for the implementing class to indicate whether or
  not the provider is safe against CSRF protection.
  Bug: T237852
  Change-Id: Ib452b6c75aa7d40dd211a6064f97509b664c3ffc
* Add missing use statements | Umherirrender | 2018-06-27 | 1 | -0/+1
  Swap some ResultWrapper/Database to interface IResultWrapper/IDatabase
  Change-Id: I312cb3cca5742f72efdb0965ba35362f2eb1129d
* Revert "Remove SessionManager, temporarily" | Brad Jorsch | 2016-02-03 | 1 | -0/+54
  This reverts commit 823db5d63dd5200d04c63da50ba6bf16f928e70b.
  Change-Id: Ibb3e023e4eb6715295586dea87d0725c344a8271
* Remove SessionManager, temporarily | Brad Jorsch | 2016-02-01 | 1 | -54/+0
  The plan here is to take it out of 1.27.0-wmf.12 and put it back in
  1.27.0-wmf.13. Since BotPasswords depends on SessionManager, that's
  getting temporarily removed too.
  This reverts the following commits:
    * 6acd424e0dbc322e8b9a141bd2625453c1b9b6f1 SessionManager: Notify AuthPlugin before calling hooks
    * 4d1ad32d8acbd443346253d2f6a95024c833295c Close a loophole in CookieSessionProvider
    * fcdd643a46d87b677f6cdcc3ba9440e1472d8df7 SessionManager: Don't save non-persisted sessions to backend storage
    * 058aec4c76129b7ee8541692a8a48f8046e15bb6 MessageCache: Don't get a ParserOptions for $wgUser before the end of Setup.php
    * b5c0c03bb708f8dad6e404969df8addc123984db SessionManager: Save user name to metadata even if the user doesn't exist locally
    * 13f2f09a193215aa7a061d10a1955e172d06fa0a SECURITY: Fix User::setToken() call on User::newSystemUser
    * 305bc75b27903237a9683ec1f329bcbec0ecd266 SessionManager: Don't generate user tokens when checking the tokens
    * 7c4bd85d2152fd9fa975ea0fb5ffb1a0b804f99b RequestContext::exportSession() should only export persisted session IDs
    * 296ccfd4a9a6ad3ae412db7e2408c923aaa61f64 SessionManager: Save 'persisted' flag in session metadata
    * 94ba53f67731b0553a6178841d9506e384f74496 Move CSRF token handling into MediaWiki\Session\Session
    * 46a565d6b00174e631d2022b47677e1a78e73897 Avoid false "added in both Session and $_SESSION" when value is null
    * c00d0b5d94c946b8883dd7062bf7160a199aa5c2 Log backtrace for "User::loadFromSession called before the end of Setup.php"
    * 4eeff5b559e2ae7b8fa1f45572968ba28573a421 Use $wgSecureCookie to decide whether to actually mark secure cookies as 'secure'
    * 7491b52f700e220814a8190781fd794b4dd88a20 Call session_cache_limiter() before starting a session
    * 2c34aeea72471f9a598e67bdbf34bc5f9fb3f0c5 SessionManager: Abstract forceHTTPS cookie setting
    * 9aa53627a53aabec0273cecf45a86e77927ef406 Ignore auth cookies with value 'deleted'
    * 43f904b51a746d7f71ea2ab9951c5c98d269765b SessionManager: Kill getPersistedSessionId()
    * 50c52563528ba3d765c3762211f98d6f3c0e39fd SessionManager: Add SessionBackend::setProviderMetadata()
    * f640d403154bc0a2b4f6d399582797a9e3bc6fcb SessionManager: Notify AuthPlugin when auto-creating accounts
    * 70b05d1ac1e859bac2185b246e9b93ec9051e4d8 Add checks of $wgEnableBotPasswords in more places
    * bfed32eb78b6c720b16bc7ed60153fd2fe257a9e Do not raise a PHP warning when session write fails
    * 722a7331ad8d98228511f8da38adc7a3c64dd617 Only check LoggedOut timestamp on the user loaded from session
    * 4f5057b84b36eccd16627a6b29831dfdb4483b02 SessionManager: Change behavior of getSessionById()
    * 66e82e614e157e39b03d813e71ddf23f53cf640b Fix typo in [[MediaWiki:Botpasswords-editexisting/en]]
    * f9fd9516d922d36291037baca7205a2b0ac9f15f Add "bot passwords"
    * d7716f1df0b692902571bf415a0984071e3e9a60 Add missing argument for wfDebugLog
    * a73c5b7395a07d490f7052fd3b2491ebd656b190 Add SessionManager
  Change-Id: I2389a8133e25ab929e9f27f41fa9a05df8147a50
* Add SessionManager | Brad Jorsch | 2016-01-12 | 1 | -0/+54
  SessionManager is a general-purpose session management framework,
  rather than the cookie-based sessions that PHP wants to provide us.
  While fallback is provided for using $_SESSION and other PHP session
  management functions, they should be avoided in favor of using
  SessionManager directly.
  For proof-of-concept extensions, see OAuth change Ib40b221 and
  CentralAuth change I27ccabdb.
  Bug: T111296
  Change-Id: Ic1ffea74f3ccc8f93c8a23b795ecab6f06abca72