public function provideSessionInfo( WebRequest $request ) {
$info = array(
- 'id' => $this->getCookie( $request, $this->params['sessionName'], '' )
+ 'id' => $this->getCookie( $request, $this->params['sessionName'], '' ),
+ 'provider' => $this,
+ 'forceHTTPS' => $this->getCookie( $request, 'forceHTTPS', '', false )
);
if ( !SessionManager::validateSessionId( $info['id'] ) ) {
unset( $info['id'] );
}
+ $info['persisted'] = isset( $info['id'] );
list( $userId, $userName, $token ) = $this->getUserInfoFromCookies( $request );
if ( $userId !== null ) {
return null;
}
$info['userInfo'] = $userInfo->verified();
- } elseif ( isset( $info['id'] ) ) { // No point if no session ID
+ } elseif ( isset( $info['id'] ) ) {
$info['userInfo'] = $userInfo;
+ } else {
+ // No point in returning, loadSessionInfoFromStore() will
+ // reject it anyway.
+ return null;
}
- }
-
- if ( !$info ) {
+ } elseif ( isset( $info['id'] ) ) {
+ // No UserID cookie, so insist that the session is anonymous.
+ $info['userInfo'] = UserInfo::newAnonymous();
+ } else {
+ // No session ID and no user is the same as an empty session, so
+ // there's no point.
return null;
}
- $info += array(
- 'provider' => $this,
- 'persisted' => isset( $info['id'] ),
- 'forceHTTPS' => $this->getCookie( $request, 'forceHTTPS', '', false )
- );
-
return new SessionInfo( $this->priority, $info );
}
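Review bot: The `elseif ( isset( $info['id'] ) )` branch that assigns `$info['userInfo'] = $userInfo;` no longer has a comment, yet it is the one path that passes on a cookie-derived user identity without the `->verified()` call used in the token branch just above it. The new `else` comment implies that loadSessionInfoFromStore() later confirms or rejects that identity, but that code is not visible here, so the dependency should be stated at the assignment, e.g. `// No token cookie: userInfo stays unverified and must be confirmed against the stored session.` Likewise, `'forceHTTPS'` in the initial array is read straight from a request cookie, so it is only a client-supplied hint; a short comment saying so would keep later readers from treating it as a trusted setting. The lines between the `$userId !== null` test and the token handling are not shown in this hunk, so the token comparison itself could not be reviewed.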
$forceHTTPS = $session->shouldForceHTTPS() || $user->requiresHTTPS();
if ( $forceHTTPS ) {
- $options['secure'] = true;
+ // Don't set the secure flag if the request came in
+ // over "http", for backwards compat.
+ // @todo Break that backwards compat properly.
+ $options['secure'] = $this->config->get( 'CookieSecure' );
}
$response->setCookie( $this->params['sessionName'], $session->getId(), null,