Author: nlgordon
Description:
Patch to check for save_handler being set to user instead of !file
I do web hosting and use a load balancer to make my life simpler. Unfortunately php sessions don't work by default unless tweaks are made. I've choosen to go the route of using session_mysql http://websupport.sk/~stanojr/projects/session_mysql/. This is an extension to PHP that allows php to save session data in a mysql database transparently to apps. Unfortunately I see that includes/GlobalFunctions.php is explicitly setting the save handler to files for what I assume is ease of use for some users, it is making my life more complicated. And while I can tweak the couple of mediawiki installs that I manage, I have more users who manage their own code which I can't muck with.
Given the comments around it, I would assume there are people out their without sane save_handler settings (being set to user globally for example). Unfortunately I don't believe that mediawiki setting it unconditionally to something that works most of the time is the right solution. If sessions are broken on a user's host then they need to fix it. They could easily drop in an ini_set in their Local Settings file to set it to files if their environment is broken.
Unless I'm missing something this would make sense to get rid of or at least make non-default at some point. Theoretically if it is set to user, and it was done correctly it would still work as expected. The only cases setting to files fixes are when the user has a broken session setup. Heck, even a check in the install to verify that sessions are properly setup and a warning that they must be working to have media wiki work.
My apologies if I'm sounding bitter. I'm just not sure I see the usefulness in mucking with the session settings given to us by the server setup. This also includes the bits I see shortly after this setting the cookie params. Could this become an option that is only turned on if sessions fail miserably? Possibly checking for user being set instead of != files?
Version: 1.11.x
Severity: normal
attachment session.save_handler.patch ignored as obsolete