X-Git-Url: http://git.heureux-cyclage.org/?a=blobdiff_plain;f=includes%2Fsession%2FSessionInfo.php;h=287da9dde36eef54b89b93679d9f3ee748096ffe;hb=7471e1db1b613d035f981f489f8683a177acff7e;hp=c235861f5759d1f4d1bcbba153af35d1bf522e39;hpb=cba9d9c41dee8a4fcaf5600e4cf8ca8e4f777908;p=lhc%2Fweb%2Fwiklou.git

diff --git a/includes/session/SessionInfo.php b/includes/session/SessionInfo.php
index c235861f57..287da9dde3 100644
--- a/includes/session/SessionInfo.php
+++ b/includes/session/SessionInfo.php
@@ -73,7 +73,8 @@ class SessionInfo {
 	 *    Defaults to true.
 	 *  - forceHTTPS: (bool) Whether to force HTTPS for this session
 	 *  - metadata: (array) Provider metadata, to be returned by
-	 *    Session::getProviderMetadata().
+	 *    Session::getProviderMetadata(). See SessionProvider::mergeMetadata()
+	 *    and SessionProvider::refreshSessionInfo().
 	 *  - idIsSafe: (bool) Set true if the 'id' did not come from the user.
 	 *    Generally you'll use this from SessionProvider::newEmptySession(),
 	 *    and not from any other method.
@@ -200,7 +201,8 @@ class SessionInfo {
 	 * The normal behavior is to discard the SessionInfo if validation against
 	 * the data stored in the session store fails. If this returns true,
 	 * SessionManager will instead delete the session store data so this
-	 * SessionInfo may still be used.
+	 * SessionInfo may still be used. This is important for providers which use
+	 * deterministic IDs and so cannot just generate a random new one.
 	 *
 	 * @return bool
 	 */