Disable automatic cache headers associated with starting a session

Follow up to 7491b52. The 'private, must-revalidate' argument to
session_cache_limiter() does not match any expected values for the
function. This results in the PHP runtime treating it like the
documented empty string argument which completely disables the automatic
addition of cache related headers. Change the implementation to use the
empty string argument explicitly rather than continuing to rely on
the undocumented and potentially confusing existing behavior.

session_cache_limiter( '' ) is called unconditionally in
MediaWiki\Session\PHPSessionHandler::install(). This is safe now that it
is understood that we are disabling the setting of the automatic
headers.

Bug: T124510
Change-Id: I63164f8b7a408e370ff01dead42be27a0135dd35

diff --git a/includes/GlobalFunctions.php b/includes/GlobalFunctions.php
index 4066945..66201b5 100644 (file)
--- a/includes/GlobalFunctions.php
+++ b/includes/GlobalFunctions.php
@@ -3082,7 +3082,6 @@ function wfSetupSession( $sessionId = false ) {
        if ( session_id() !== $session->getId() ) {
                session_id( $session->getId() );
        }
-       MediaWiki\quietCall( 'session_cache_limiter', 'private, must-revalidate' );
        MediaWiki\quietCall( 'session_start' );
 }
 

diff --git a/includes/Setup.php b/includes/Setup.php
index 6c85638..ba3d628 100644 (file)
--- a/includes/Setup.php
+++ b/includes/Setup.php
@@ -738,7 +738,6 @@ if ( !defined( 'MW_NO_SESSION' ) && !$wgCommandLineMode ) {
        ) {
                // Start the PHP-session for backwards compatibility
                session_id( $session->getId() );
-               MediaWiki\quietCall( 'session_cache_limiter', 'private, must-revalidate' );
                MediaWiki\quietCall( 'session_start' );
        }
 }

diff --git a/includes/context/RequestContext.php b/includes/context/RequestContext.php
index 73e11b5..8056b4d 100644 (file)
--- a/includes/context/RequestContext.php
+++ b/includes/context/RequestContext.php
@@ -595,7 +595,6 @@ class RequestContext implements IContextSource, MutableContext {
                        $wgUser = $context->getUser(); // b/c
                        if ( $session && MediaWiki\Session\PHPSessionHandler::isEnabled() ) {
                                session_id( $session->getId() );
-                               MediaWiki\quietCall( 'session_cache_limiter', 'private, must-revalidate' );
                                MediaWiki\quietCall( 'session_start' );
                        }
                        $request = new FauxRequest( array(), false, $session );

diff --git a/includes/session/PHPSessionHandler.php b/includes/session/PHPSessionHandler.php
index d21bea9..4dea274 100644 (file)
--- a/includes/session/PHPSessionHandler.php
+++ b/includes/session/PHPSessionHandler.php
@@ -123,6 +123,12 @@ class PHPSessionHandler {
                ini_set( 'session.use_cookies', 0 );
                ini_set( 'session.use_trans_sid', 0 );
 
+               // T124510: Disable automatic PHP session related cache headers.
+               // MediaWiki adds it's own headers and the default PHP behavior may
+               // set headers such as 'Pragma: no-cache' that cause problems with
+               // some user agents.
+               session_cache_limiter( '' );
+
                // Also set a sane serialization handler
                \Wikimedia\PhpSessionSerializer::setSerializeHandler();
 

diff --git a/includes/session/SessionBackend.php b/includes/session/SessionBackend.php
index 2a13ed2..d177fc5 100644 (file)
--- a/includes/session/SessionBackend.php
+++ b/includes/session/SessionBackend.php
@@ -668,7 +668,6 @@ final class SessionBackend {
                        ) {
                                $this->logger->debug( "SessionBackend $this->id: Taking over PHP session" );
                                session_id( (string)$this->id );
-                               \MediaWiki\quietCall( 'session_cache_limiter', 'private, must-revalidate' );
                                \MediaWiki\quietCall( 'session_start' );
                        }
                }