Make the session cacheLimiter a configuration option.

Instead of hardcoding to must-revalidate, developers can use a more
suitable option if they do not have to support IE8.

Refs #7096
This commit is contained in:
mark_story 2016-01-18 22:17:30 -05:00
parent a530414a88
commit 57f620fc22
3 changed files with 26 additions and 2 deletions

View file

@ -201,6 +201,8 @@
* to the ini array.
* - `Session.autoRegenerate` - Enabling this setting, turns on automatic renewal of sessions, and
* sessionids that change frequently. See CakeSession::$requestCountdown.
* - `Session.cacheLimiter` - Configure the cache control headers used for the session cookie.
* See http://php.net/session_cache_limiter for accepted values.
* - `Session.ini` - An associative array of additional ini values to set.
*
* The built in defaults are:

View file

@ -541,6 +541,10 @@ class CakeSession {
if (!isset($sessionConfig['ini']['session.cookie_httponly'])) {
$sessionConfig['ini']['session.cookie_httponly'] = 1;
}
// For IE<=8
if (!isset($sessionConfig['cacheLimiter'])) {
$sessionConfig['cacheLimiter'] = 'must-revalidate';
}
if (empty($_SESSION)) {
if (!empty($sessionConfig['ini']) && is_array($sessionConfig['ini'])) {
@ -696,8 +700,10 @@ class CakeSession {
$_SESSION = array();
}
} else {
// For IE<=8
session_cache_limiter("must-revalidate");
$limit = Configure::read('Session.cacheLimiter');
if (!empty($limit)) {
session_cache_limiter($limit);
}
session_start();
}
return true;

View file

@ -514,6 +514,22 @@ class CakeSessionTest extends CakeTestCase {
$this->assertEquals(null, TestCakeSession::read('SessionTestCase'));
}
/**
* Test te cacheLimiter settings.
*
* @return void
*/
public function testCacheLimiter() {
Configure::write('Session.cacheLimiter', 'public');
TestCakeSession::start();
$this->assertSame('public', session_cache_limiter());
Configure::write('Session.cacheLimiter', 'private');
TestCakeSession::destroy();
TestCakeSession::start();
$this->assertSame('private', session_cache_limiter());
}
/**
* testCheckUserAgentFalse method
*