Enforce no-session constraint in opensearch_desc.php and profileinfo.php

Attempts to use session data via these endpoints will now cause
exceptions to be thrown.

Bug: T127233
Change-Id: I28b080a84e7b928e4336a5a1ec770bb57b05d009

diff --git a/opensearch_desc.php b/opensearch_desc.php
index b9b2161..bd3281a 100644 (file)
--- a/opensearch_desc.php
+++ b/opensearch_desc.php
@@ -21,9 +21,8 @@
  */
 
 // This endpoint is supposed to be independent of request cookies and other
-// details of the session. Log warnings for violations of the no-session
-// constraint.
-define( 'MW_NO_SESSION', 'warn' );
+// details of the session. Enforce this constraint with respect to session use.
+define( 'MW_NO_SESSION', 1 );
 
 require_once __DIR__ . '/includes/WebStart.php';
 

diff --git a/profileinfo.php b/profileinfo.php
index 0a60b08..c65f952 100644 (file)
--- a/profileinfo.php
+++ b/profileinfo.php
@@ -37,9 +37,8 @@
  */
 
 // This endpoint is supposed to be independent of request cookies and other
-// details of the session. Log warnings for violations of the no-session
-// constraint.
-define( 'MW_NO_SESSION', 'warn' );
+// details of the session. Enforce this constraint with respect to session use.
+define( 'MW_NO_SESSION', 1 );
 
 ini_set( 'zlib.output_compression', 'off' );