AuthManager (T91699) is forced to do an ugly hack (see the usingGlobalSession() calls here) to support the use case where one temporarily replaces the real session (that corresponds with actual request) with an artificial one, e.g. call RequestContext::importScopedSession() with a FauxRequest and then call User::loadFromSession(). It would be nice to get rid of that.
Description
Details
Subject | Repo | Branch | Lines +/- | |
---|---|---|---|---|
Add SessionManager | mediawiki/core | master | +9 K -663 |
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | Anomie | T111296 Get rid of FauxRequest support in AuthManager | |||
Resolved | Anomie | T91699 Create AuthManager framework and core classes | |||
Resolved | Joe | T97675 Custom session handler corrupted by session_destroy, "Failed to initialize storage module" | |||
Resolved | Joe | T106483 Create new HHVM package for HHVM 3.6.5 + patches | |||
Resolved | hashar | T106699 Upgrade HHVM related packages on Trusty Jenkins slaves | |||
Resolved | bd808 | T95864 Mocking abstract objects fails on HHVM | |||
Resolved | Anomie | T110274 Fix PHPUnit version incompatibility between AuthManager and Jenkins | |||
Resolved | Krinkle | T99982 Upgrade PHPUnit to 4.0+ | |||
Resolved | None | T90303 Fetch dependencies using composer instead of cloning mediawiki/vendor for non-wmf branches | |||
Resolved | JanZerebecki | T106433 replace inline perl in builder wd-mw-composer-merged-install with a proper script | |||
Resolved | Krinkle | T112895 Support installing composer require-dev packages together with mediawiki/vendor | |||
Resolved | Tgr | T110628 Improve AuthManager documentation |
Event Timeline
Change 243223 had a related patch set uploaded (by Gergő Tisza):
WIP: Add SessionManager
Using RequestContext::importScopedSession() to actually import the session is long since deprecated (the main user was for uploads but changed to use the "main stash"). It's really just for the IP/agent/User aspects of the "logical session" but not the actual PHP session. It might be easier to just audit callers and confirm that the session parts can just be removed to avoid the hassle.
Ugh, UploadFromUrlJob should be rewritten to use the getMainStashInstance() for the temp results and API status checks instead of the sessions (which are reused in the jobs by the runners).
There should be a developer notice about SessionManager being deployed next week (unexpected login errors etc), I didn't find a better task to flag for it.