diff --git a/app/Config/core.php b/app/Config/core.php
index 093087a70..61277674d 100644
--- a/app/Config/core.php
+++ b/app/Config/core.php
@@ -201,6 +201,8 @@
 * to the ini array.
 * - `Session.autoRegenerate` - Enabling this setting, turns on automatic renewal of sessions, and
 * sessionids that change frequently. See CakeSession::$requestCountdown.
+ * - `Session.cacheLimiter` - Configure the cache control headers used for the session cookie.
+ * See http://php.net/session_cache_limiter for accepted values.
 * - `Session.ini` - An associative array of additional ini values to set.
 *
 * The built in defaults are:
diff --git a/lib/Cake/Model/Datasource/CakeSession.php b/lib/Cake/Model/Datasource/CakeSession.php
index 147cc102b..fd4d892e8 100644
--- a/lib/Cake/Model/Datasource/CakeSession.php
+++ b/lib/Cake/Model/Datasource/CakeSession.php
@@ -541,6 +541,10 @@ class CakeSession {
 if (!isset($sessionConfig['ini']['session.cookie_httponly'])) {
 $sessionConfig['ini']['session.cookie_httponly'] = 1;
 }
+ // For IE<=8
+ if (!isset($sessionConfig['cacheLimiter'])) {
+ $sessionConfig['cacheLimiter'] = 'must-revalidate';
+ }
 
 if (empty($_SESSION)) {
 if (!empty($sessionConfig['ini']) && is_array($sessionConfig['ini'])) {
@@ -696,8 +700,10 @@ class CakeSession {
 $_SESSION = array();
 }
 } else {
- // For IE<=8
- session_cache_limiter("must-revalidate");
+ $limit = Configure::read('Session.cacheLimiter');
+ if (!empty($limit)) {
+ session_cache_limiter($limit);
+ }
 session_start();
 }
 return true;
diff --git a/lib/Cake/Test/Case/Model/Datasource/CakeSessionTest.php b/lib/Cake/Test/Case/Model/Datasource/CakeSessionTest.php
index 41111a898..bb263076d 100644
--- a/lib/Cake/Test/Case/Model/Datasource/CakeSessionTest.php
+++ b/lib/Cake/Test/Case/Model/Datasource/CakeSessionTest.php
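Review bot: In app/Config/core.php the new `Session.cacheLimiter` entry describes the headers as "used for the session cookie", but session_cache_limiter() selects the cache control headers PHP sends with the response page, not anything on the cookie. The option therefore decides whether pages produced inside a session may be stored by browsers and shared caches, and the comment should say that. I would reword it to `* - Session.cacheLimiter - Cache limiter passed to session_cache_limiter(); sets the cache control headers sent with session responses.` and add `* 'public' allows shared proxies to store responses generated for a session; use it only for non-personalised pages.`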
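Review bot: In lib/Cake/Model/Datasource/CakeSession.php at -541 the default lands in `$sessionConfig['cacheLimiter']`, while the hunk at -696 reads `Configure::read('Session.cacheLimiter')`, so the default only applies if `$sessionConfig` is written back to Configure further down this method, which is outside the hunk. If it is not, applications that never set the key would silently lose the old `must-revalidate` call and get whatever `session.cache_limiter` is in php.ini. The moved comment `// For IE<=8` also no longer says what it protects; `// Default kept for IE<=8 compatibility; 'must-revalidate' is not one of PHP's documented limiter names` would tell a maintainer why the value looks unusual.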
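Review bot: In the CakeSession.php hunk at -696, `$limit` reaches session_cache_limiter() after only an `!empty()` check, so a mistyped or non-string `Session.cacheLimiter` is passed through unchanged and the response cache headers change with no error (an unrecognised name appears to send no cache headers at all; worth confirming). Because these headers decide whether authenticated pages may be cached, I would only call it for known names: `$allowed = array('nocache', 'private', 'private_no_expire', 'public', 'must-revalidate');` and `if (is_string($limit) && in_array($limit, $allowed, true)) {`. The enclosing method starts and ends outside the hunk.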
@@ -514,6 +514,22 @@ class CakeSessionTest extends CakeTestCase {
 $this->assertEquals(null, TestCakeSession::read('SessionTestCase'));
 }
 
+/**
+ * Test te cacheLimiter settings.
+ *
+ * @return void
+ */
+ public function testCacheLimiter() {
+ Configure::write('Session.cacheLimiter', 'public');
+ TestCakeSession::start();
+ $this->assertSame('public', session_cache_limiter());
+
+ Configure::write('Session.cacheLimiter', 'private');
+ TestCakeSession::destroy();
+ TestCakeSession::start();
+ $this->assertSame('private', session_cache_limiter());
+ }
+
 /**
 * testCheckUserAgentFalse method
 *
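Review bot: testCacheLimiter() only exercises explicitly configured values, so nothing asserts that a session started without `Session.cacheLimiter` still reports `must-revalidate`, the behaviour the removed hard-coded call guaranteed. A third case would pin the default, e.g. `Configure::delete('Session.cacheLimiter');` followed by destroy/start and `$this->assertSame('must-revalidate', session_cache_limiter());`. The test also leaves the key set to `private` unless setUp()/tearDown(), which are outside the hunk, reset Configure. The docblock line `Test te cacheLimiter settings.` should read `Test the cacheLimiter settings.`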