AuthManager (T91699) is forced to do an ugly hack (see the usingGlobalSession() calls here) to support the use case where one temporarily replaces the real session (that corresponds with actual request) with an artificial one, e.g. call RequestContext::importScopedSession() with a FauxRequest and then call User::loadFromSession(). It would be nice to get rid of that.
|Resolved||Anomie||T111296 Get rid of FauxRequest support in AuthManager|
|Resolved||Anomie||T91699 Create AuthManager framework and core classes|
|Resolved||Joe||T97675 Custom session handler corrupted by session_destroy, "Failed to initialize storage module"|
|Resolved||Joe||T106483 Create new HHVM package for HHVM 3.6.5 + patches|
|Resolved||hashar||T106699 Upgrade HHVM related packages on Trusty Jenkins slaves|
|Resolved||bd808||T95864 Mocking abstract objects fails on HHVM|
|Resolved||Anomie||T110274 Fix PHPUnit version incompatibility between AuthManager and Jenkins|
|Resolved||Krinkle||T99982 Upgrade PHPUnit to 4.0+|
|Open||None||T90303 Fetch dependencies using composer instead of cloning mediawiki/vendor for non-wmf branches|
|Resolved||JanZerebecki||T106433 replace inline perl in builder wd-mw-composer-merged-install with a proper script|
|Resolved||Krinkle||T112895 Support installing composer require-dev packages together with mediawiki/vendor|
|Resolved||Tgr||T110628 Improve AuthManager documentation|
Using RequestContext::importScopedSession() to actually import the session is long since deprecated (the main user was for uploads but changed to use the "main stash"). It's really just for the IP/agent/User aspects of the "logical session" but not the actual PHP session. It might be easier to just audit callers and confirm that the session parts can just be removed to avoid the hassle.
Ugh, UploadFromUrlJob should be rewritten to use the getMainStashInstance() for the temp results and API status checks instead of the sessions (which are reused in the jobs by the runners).