HomePhabricator

Call session_cache_limiter() before starting a session

Authored by bd808.

Description

Call session_cache_limiter() before starting a session

Call session_cache_limiter( 'private, must-revalidate' ); before
starting a session to specify the cache control headers that PHP will
automatically emit. The calls are wrapped in MediaWiki\quietCall to
suppress "headers have already been sent" warnings that may come from PHP.

If not called explicitly PHP will default to using
the value of the session.cache_limiter ini setting. Some values of that
setting will cause PHP to add a "Pragma: no-cache" header to the
response. Certain user agents (e.g. Firefox) treat that particular
header as a signal to aggressively flush the response from local cache
to the point that back button navigation will not work.

The value used was present in wfSetupSession prior to a73c5b7.

Bug: T124510
Change-Id: I942f8420c39c8cec5781ea8f6cc5619fd15f13cd

Details

Committed
bd808Jan 25 2016, 6:23 PM
Parents
rMW31d4359b45a4: Fix typo in cookie key
Branches
Unknown
Tags
Unknown
References
refs/changes/58/266258/3
ChangeId
I942f8420c39c8cec5781ea8f6cc5619fd15f13cd