use Liuggio\StatsdClient\Sender\SocketSender;
use MediaWiki\Logger\LoggerFactory;
+use MediaWiki\Session\SessionManager;
// Hide compatibility functions from Doxygen
/// @cond
/**
* Check if there is sufficient entropy in php's built-in session generation
*
+ * @deprecated since 1.27, PHP's session generation isn't used with
+ * MediaWiki\\Session\\SessionManager
* @return bool True = there is sufficient entropy
*/
function wfCheckEntropy() {
+ wfDeprecated( __FUNCTION__, '1.27' );
return (
( wfIsWindows() && version_compare( PHP_VERSION, '5.3.3', '>=' ) )
|| ini_get( 'session.entropy_file' )
}
/**
- * Override session_id before session startup if php's built-in
- * session generation code is not secure.
+ * @deprecated since 1.27, PHP's session generation isn't used with
+ * MediaWiki\\Session\\SessionManager
*/
function wfFixSessionID() {
- // If the cookie or session id is already set we already have a session and should abort
- if ( isset( $_COOKIE[session_name()] ) || session_id() ) {
- return;
- }
-
- // PHP's built-in session entropy is enabled if:
- // - entropy_file is set or you're on Windows with php 5.3.3+
- // - AND entropy_length is > 0
- // We treat it as disabled if it doesn't have an entropy length of at least 32
- $entropyEnabled = wfCheckEntropy();
-
- // If built-in entropy is not enabled or not sufficient override PHP's
- // built in session id generation code
- if ( !$entropyEnabled ) {
- wfDebug( __METHOD__ . ": PHP's built in entropy is disabled or not sufficient, " .
- "overriding session id generation using our cryptrand source.\n" );
- session_id( MWCryptRand::generateHex( 32 ) );
- }
+ wfDeprecated( __FUNCTION__, '1.27' );
}
/**
- * Reset the session_id
+ * Reset the session id
*
+ * @deprecated since 1.27, use MediaWiki\\Session\\SessionManager instead
* @since 1.22
*/
function wfResetSessionID() {
- global $wgCookieSecure;
- $oldSessionId = session_id();
- $cookieParams = session_get_cookie_params();
- if ( wfCheckEntropy() && $wgCookieSecure == $cookieParams['secure'] ) {
- session_regenerate_id( false );
- } else {
- $tmp = $_SESSION;
- session_destroy();
- wfSetupSession( MWCryptRand::generateHex( 32 ) );
- $_SESSION = $tmp;
+ wfDeprecated( __FUNCTION__, '1.27' );
+ $session = SessionManager::getGlobalSession();
+ $delay = $session->delaySave();
+
+ $session->resetId();
+
+ // Make sure a session is started, since that's what the old
+ // wfResetSessionID() did.
+ if ( session_id() !== $session->getId() ) {
+ wfSetupSession( $session->getId() );
}
- $newSessionId = session_id();
+
+ ScopedCallback::consume( $delay );
}
/**
* Initialise php session
*
- * @param bool $sessionId
+ * @deprecated since 1.27, use MediaWiki\\Session\\SessionManager instead.
+ * Generally, "using" SessionManager will be calling ->getSessionById() or
+ * ::getGlobalSession() (depending on whether you were passing $sessionId
+ * here), then calling $session->persist().
+ * @param bool|string $sessionId
*/
function wfSetupSession( $sessionId = false ) {
- global $wgSessionsInObjectCache, $wgSessionHandler;
- global $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly;
+ wfDeprecated( __FUNCTION__, '1.27' );
- if ( $wgSessionsInObjectCache ) {
- ObjectCacheSessionHandler::install();
- } elseif ( $wgSessionHandler && $wgSessionHandler != ini_get( 'session.save_handler' ) ) {
- # Only set this if $wgSessionHandler isn't null and session.save_handler
- # hasn't already been set to the desired value (that causes errors)
- ini_set( 'session.save_handler', $wgSessionHandler );
+ // If they're calling this, they probably want our session management even
+ // if NO_SESSION was set for Setup.php.
+ if ( !MediaWiki\Session\PHPSessionHandler::isInstalled() ) {
+ MediaWiki\Session\PHPSessionHandler::install( SessionManager::singleton() );
}
- session_set_cookie_params(
- 0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure, $wgCookieHttpOnly );
- session_cache_limiter( 'private, must-revalidate' );
if ( $sessionId ) {
session_id( $sessionId );
- } else {
- wfFixSessionID();
}
- MediaWiki\suppressWarnings();
- session_start();
- MediaWiki\restoreWarnings();
+ $session = SessionManager::getGlobalSession();
+ $session->persist();
- if ( $wgSessionsInObjectCache ) {
- ObjectCacheSessionHandler::renewCurrentSession();
+ if ( session_id() !== $session->getId() ) {
+ session_id( $session->getId() );
}
+ MediaWiki\quietCall( 'session_start' );
}
/**