Call `session_cache_limiter( 'private, must-revalidate' );` before
starting a session to specify the cache control headers that PHP will
automatically emit. The calls are wrapped in MediaWiki\quietCall to
suppress "headers have already been sent" warnings that may come from PHP.
If not called explicitly PHP will default to using
the value of the session.cache_limiter ini setting. Some values of that
setting will cause PHP to add a "Pragma: no-cache" header to the
response. Certain user agents (e.g. Firefox) treat that particular
header as a signal to aggressively flush the response from local cache
to the point that back button navigation will not work.
The value used was present in `wfSetupSession` prior to
a73c5b7.
Bug: T124510
Change-Id: I942f8420c39c8cec5781ea8f6cc5619fd15f13cd
if ( session_id() !== $session->getId() ) {
session_id( $session->getId() );
}
-
+ MediaWiki\quietCall( 'session_cache_limiter', 'private, must-revalidate' );
MediaWiki\quietCall( 'session_start' );
}
) {
// Start the PHP-session for backwards compatibility
session_id( $session->getId() );
+ MediaWiki\quietCall( 'session_cache_limiter', 'private, must-revalidate' );
MediaWiki\quietCall( 'session_start' );
}
}
$wgUser = $context->getUser(); // b/c
if ( $session && MediaWiki\Session\PHPSessionHandler::isEnabled() ) {
session_id( $session->getId() );
+ MediaWiki\quietCall( 'session_cache_limiter', 'private, must-revalidate' );
MediaWiki\quietCall( 'session_start' );
}
$request = new FauxRequest( array(), false, $session );
) {
$this->logger->debug( "SessionBackend $this->id: Taking over PHP session" );
session_id( (string)$this->id );
+ \MediaWiki\quietCall( 'session_cache_limiter', 'private, must-revalidate' );
\MediaWiki\quietCall( 'session_start' );
}
}
dépôts / lhc / web / wiklou.git / commitdiff