1. 02 Mar, 2016 1 commit
  2. 29 Feb, 2016 1 commit
  3. 01 Jul, 2014 1 commit
    • Petr Skoda's avatar
      MDL-46099 session: fix use of references for session globals · 2e00d01d
      Petr Skoda authored
      This reverses the references used for global $USER and $SESSION,
      the reason is that PHP does not allow references to references.
      $USER is a reference to $GLOBALS['USER'] which means we cannot
      put any references to it. Solution is to store the current user and session
      objects in $GLOBALS['USER'] and $GLOBALS['SESSIOn'] are reference
      them in $_SESSION.
      
      This patch makes the session code behave the same way in CLI,
      phpunit and normal web requests - this allows use to finally
      unit test most aspects of the session code in Moodle.
      2e00d01d
  4. 21 Sep, 2013 1 commit
    • Petr Škoda's avatar
      MDL-31501 rework user session architecture · d79d5ac2
      Petr Škoda authored
      List of changes:
       * New OOP API using PHP namespace \core\session\.
       * All handlers now update the sessions table consistently.
       * Experimental DB session support in Oracle.
       * Full support for session file handler (filesystem locking required).
       * New option for alternative session directory.
       * Official memcached session handler support.
       * Workaround for memcached version with non-functional gc.
       * Improved security - forced session id regeneration.
       * Improved compatibility with recent PHP releases.
       * Fixed borked CSS during install in debug mode.
       * Switched to file based sessions in new installs.
       * DB session setting disappears if DB does not support sessions.
       * DB session setting disappears if session handler specified in config.php.
       * Fast purging of sessions used in request only.
       * No legacy distinction -  file, database and memcached support the same functionality.
       * Session handler name included in performance info.
       * Fixed user_loggedin and user_loggedout event triggering.
       * Other minor bugfixing and improvements.
       * Fixed database session segfault if MUC disposed before $DB.
      
      Limitations:
       * Session access time is now updated right after session start.
       * Support for $CFG->sessionlockloggedinonly was removed.
       * First request does not update userid in sessions table.
       * The timeouts may break badly if server hosting forces PHP.ini session settings.
       * The session GC is a lot slower, we do not rely on external session timeouts.
       * There cannot be any hooks triggered at the session write time.
       * File and memcached handlers do not support session lock acquire timeouts.
       * Some low level PHP session functions can not be used directly in Moodle code.
      d79d5ac2
  5. 20 Aug, 2013 1 commit