Reviewed: https://reviews.mahara.org/6369 Committed: https://git.mahara.org/mahara/mahara/commit/6d469bd61156ceabdfee10291d0af6b096b2309d Submitter: Aaron Wells ([email protected]) Branch: 15.10_STABLE
commit 6d469bd61156ceabdfee10291d0af6b096b2309d Author: Aaron Wells <[email protected]> Date: Fri Apr 15 20:12:17 2016 +1200 Bug 1570744: Fixing session bugs This patch does 2 things: 1. It loads the session much earlier during init.php. We wind up creating one on *every* script load anyway, due to LiveUser's constructor. Sometimes it gets created earlier if other code tries to use it before then, which adds some unpredictability to things. Moving it up to the top of init.php reduces that unpredictability. 2. It turns out that in PHP 5.3, using header_remove('Set-Cookie') to only doesn't remove session headers. But header_remove() (with no params) to remove *all* cookies does remove them. So I'm changing remove_duplicate_cookies() to use that instead. 3. Also in PHP 5.3, session headers are visible in headers_list(). In situations where your session id changes (due to session_destroy() and session_regenerate_id()), our use of array_unique() meant we would preserve the old and new session IDs and send both back to the browser. This patch makes remove_duplicate_cookies() aware of the current session ID, and it only preserves that one. Change-Id: I7a90b8692a5f97429415aa9a17451a44cd2109dd behatnotneeded: Covered by existing tests (cherry picked from commit 83ec33f245b645e58d797fb1b2316d11e369119d) -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1570744 Title: Duplicate session headers not removed in PHP 5.3 Status in Mahara: Fix Committed Status in Mahara 15.04 series: Fix Committed Status in Mahara 15.10 series: Fix Committed Status in Mahara 16.04 series: Fix Committed Status in Mahara 16.10 series: Fix Committed Bug description: See also Bug 1570179. It turns out that our method clear_duplicate_cookies() doesn't work in PHP 5.3, because the behavior of session headers is different there than in the versions of PHP we tested on. We need to rewrite the function to work properly in PHP 5.3, as long as we claim to support 5.3. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1570744/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
