Index: update.php =================================================================== RCS file: /cvs/drupal/drupal/update.php,v retrieving revision 1.267 diff -u -9 -p -r1.267 update.php --- update.php 24 Nov 2008 10:41:39 -0000 1.267 +++ update.php 29 Nov 2008 17:58:23 -0000 @@ -684,18 +684,19 @@ if (empty($op)) { print theme('update_page', '
', FALSE); exit; } install_goto('update.php?op=info'); } update_prepare_d7_bootstrap(); drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL); drupal_maintenance_theme(); +drupal_session_start(); // Turn error reporting back on. From now on, only fatal errors (which are // not passed through the error handler) will cause a message to be printed. ini_set('display_errors', TRUE); // Access check: if (!empty($update_free_access) || $user->uid == 1) { include_once DRUPAL_ROOT . '/includes/install.inc'; Index: includes/batch.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/batch.inc,v retrieving revision 1.28 diff -u -9 -p -r1.28 batch.inc --- includes/batch.inc 10 Nov 2008 05:22:56 -0000 1.28 +++ includes/batch.inc 29 Nov 2008 17:58:23 -0000 @@ -350,18 +350,19 @@ function _batch_finished() { // Let drupal_redirect_form handle redirection logic. $form = isset($batch['form']) ? $batch['form'] : array(); if (empty($_batch['form_state']['rebuild']) && empty($_batch['form_state']['storage'])) { drupal_redirect_form($form, $redirect); } // We get here if $form['#redirect'] was FALSE, or if the form is a // multi-step form. We save the final $form_state value to be retrieved // by drupal_get_form, and we redirect to the originating page. + drupal_session_start(); $_SESSION['batch_form_state'] = $_batch['form_state']; drupal_goto($_batch['source_page']); } } /** * Shutdown function: store the batch data for next request, * or clear the table if the batch is finished. */ Index: includes/bootstrap.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v retrieving revision 1.254 diff -u -9 -p -r1.254 bootstrap.inc --- includes/bootstrap.inc 24 Nov 2008 10:41:39 -0000 1.254 +++ includes/bootstrap.inc 29 Nov 2008 17:58:24 -0000 @@ -648,35 +648,52 @@ function variable_del($name) { cache_clear_all('variables', 'cache'); unset($conf[$name]); } /** * Retrieve the current page from the cache. * - * Note: we do not serve cached pages when status messages are waiting (from - * a redirected form submission which was completed). + * Note: we do not serve cached pages to authenticated users, or to anonymous + * users when $_SESSION is non-empty (it may contain e.g. status messages from + * a form submission). + * + * @param $bootstrap + * If TRUE, look up and return the current page in the cache, or start output + * buffering if the conditions for caching are satisfied. If FALSE, only + * return a boolean value indicating whether the current request may be + * cached. + * @return + * The cache object, if the page was found in the cache; TRUE if the page was + * not found, but output buffering was started in order to possibly cache the + * current request; FALSE if the page was not found, and the current request + * may not be cached (e.g. because it belongs to an authenticated user). If + * $fetch is TRUE, only return either TRUE or FALSE. */ -function page_get_cache() { +function page_get_cache($bootstrap) { global $user, $base_root; + static $ob_started = FALSE; - $cache = NULL; - - if (!$user->uid && ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'HEAD') && count(drupal_set_message()) == 0) { + if ($user->uid || ($_SERVER['REQUEST_METHOD'] != 'GET' && $_SERVER['REQUEST_METHOD'] != 'HEAD') || !empty($_SESSION)) { + return FALSE; + } + if ($bootstrap) { $cache = cache_get($base_root . request_uri(), 'cache_page'); - - if (empty($cache)) { + if ($cache) { + return $cache; + } + else { ob_start(); + $ob_started = TRUE; } } - - return $cache; + return $ob_started; } /** * Includes a file with the provided type and name. This prevents * including a theme, engine, module, etc., more than once. * * @param $type * The type of item to load (i.e. theme, theme_engine, module). * @param $name @@ -932,18 +949,20 @@ function watchdog($type, $message, $vari * - 'status' * - 'warning' * - 'error' * @param $repeat * If this is FALSE and the message is already set, then the message won't * be repeated. */ function drupal_set_message($message = NULL, $type = 'status', $repeat = TRUE) { if ($message) { + drupal_session_start(); + if (!isset($_SESSION['messages'])) { $_SESSION['messages'] = array(); } if (!isset($_SESSION['messages'][$type])) { $_SESSION['messages'][$type] = array(); } if ($repeat || !in_array($message, $_SESSION['messages'][$type])) { @@ -1070,19 +1089,19 @@ function drupal_bootstrap($phase = NULL) * drupal_bootstrap(). * * @see drupal_bootstrap */ function drupal_get_bootstrap_phase() { return drupal_bootstrap(); } function _drupal_bootstrap($phase) { - global $conf; + global $conf, $user; switch ($phase) { case DRUPAL_BOOTSTRAP_CONFIGURATION: drupal_initialize_variables(); // Start a page timer: timer_start('page'); // Initialize the configuration conf_init(); @@ -1116,48 +1135,68 @@ function _drupal_bootstrap($phase) { header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden'); print 'Sorry, ' . check_plain(ip_address()) . ' has been banned.'; exit(); } break; case DRUPAL_BOOTSTRAP_SESSION: require_once DRUPAL_ROOT . '/' . variable_get('session_inc', 'includes/session.inc'); session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy_sid', '_sess_gc'); - session_start(); + // If a session cookie exists, initialize the session. Otherwise the + // session is only started on demand using drupal_session_start(), making + // anonymous users not use a session cookie unless something is stored in + // $_SESSION. This allows HTTP proxies to cache anonymous pageviews. + if (isset($_COOKIE[session_name()])) { + drupal_session_start(); + } + else { + $user = drupal_anonymous_user(); + } break; case DRUPAL_BOOTSTRAP_VARIABLES: // Initialize configuration variables, using values from settings.php if available. $conf = variable_init(isset($conf) ? $conf : array()); break; case DRUPAL_BOOTSTRAP_LATE_PAGE_CACHE: $cache_mode = variable_get('cache', CACHE_DISABLED); // Get the page from the cache. - $cache = $cache_mode == CACHE_DISABLED ? '' : page_get_cache(); + $cache = $cache_mode == CACHE_DISABLED ? FALSE : page_get_cache(TRUE); // If the skipping of the bootstrap hooks is not enforced, call hook_boot. - if (!$cache || $cache_mode != CACHE_AGGRESSIVE) { + if (!is_object($cache) || $cache_mode != CACHE_AGGRESSIVE) { // Load module handling. require_once DRUPAL_ROOT . '/includes/module.inc'; module_invoke_all('boot'); } // If there is a cached page, display it. - if ($cache) { + if (is_object($cache)) { + // Destroy empty anonymous sessions if possible. + if (drupal_session_start(FALSE) && empty($_SESSION)) { + session_destroy(); + } drupal_page_cache_header($cache); // If the skipping of the bootstrap hooks is not enforced, call hook_exit. if ($cache_mode != CACHE_AGGRESSIVE) { module_invoke_all('exit'); } // We are done. exit; } // Prepare for non-cached page workflow. drupal_page_header(); + // If the session has not already been started and output buffering is + // not enabled, the session must be started now before the HTTP headers + // are sent. If output buffering is enabled, the session may be started + // at any time using drupal_session_start(). + if ($cache === FALSE) { + drupal_session_start(); + } break; case DRUPAL_BOOTSTRAP_LANGUAGE: drupal_init_language(); break; case DRUPAL_BOOTSTRAP_PATH: require_once DRUPAL_ROOT . '/includes/path.inc'; // Initialize $_GET['q'] prior to loading modules and invoking hook_init(). Index: includes/common.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/common.inc,v retrieving revision 1.831 diff -u -9 -p -r1.831 common.inc --- includes/common.inc 23 Nov 2008 16:54:47 -0000 1.831 +++ includes/common.inc 29 Nov 2008 17:58:24 -0000 @@ -333,21 +333,23 @@ function drupal_goto($path = '', $query // Remove newlines from the URL to avoid header injection attacks. $url = str_replace(array("\n", "\r"), '', $url); // Allow modules to react to the end of the page request before redirecting. // We do not want this while running update.php. if (!defined('MAINTENANCE_MODE') || MAINTENANCE_MODE != 'update') { module_invoke_all('exit', $url); } - // Even though session_write_close() is registered as a shutdown function, we - // need all session data written to the database before redirecting. - session_write_close(); + if (drupal_session_start(FALSE)) { + // Even though session_write_close() is registered as a shutdown function, + // we need all session data written to the database before redirecting. + session_write_close(); + } header('Location: ' . $url, TRUE, $http_response_code); // The "Location" header sends a redirect status code to the HTTP daemon. In // some cases this can be wrong, so we make sure none of the code below the // drupal_goto() call gets executed upon redirection. exit(); } @@ -1669,18 +1671,24 @@ function l($text, $path, array $options } /** * Perform end-of-request tasks. * * This function sets the page cache if appropriate, and allows modules to * react to the closing of the page by calling hook_exit(). */ function drupal_page_footer() { + global $user; + + // Destroy empty anonymous sessions if possible. + if (!headers_sent() && drupal_session_start(FALSE) && empty($_SESSION) && !$user->uid) { + session_destroy(); + } if (variable_get('cache', CACHE_DISABLED) != CACHE_DISABLED) { page_set_cache(); } module_invoke_all('exit'); module_implements(MODULE_IMPLEMENTS_WRITE_CACHE); _registry_check_code(REGISTRY_WRITE_LOOKUP_CACHE); @@ -2809,38 +2817,36 @@ function _drupal_bootstrap_full() { * The majority of all modern browsers support gzip or both of them. * We thus only deal with the gzip variant and unzip the cache in case * the browser does not accept gzip encoding. * * @see drupal_page_header */ function page_set_cache() { global $user, $base_root; - if (!$user->uid && ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'HEAD') && count(drupal_get_messages(NULL, FALSE)) == 0) { - // This will fail in some cases, see page_get_cache() for the explanation. - if ($data = ob_get_contents()) { - $cache = TRUE; - if (variable_get('page_compression', TRUE) && function_exists('gzencode')) { - // We do not store the data in case the zlib mode is deflate. - // This should be rarely happening. - if (zlib_get_coding_type() == 'deflate') { - $cache = FALSE; - } - elseif (zlib_get_coding_type() == FALSE) { - $data = gzencode($data, 9, FORCE_GZIP); - } - // The remaining case is 'gzip' which means the data is - // already compressed and nothing left to do but to store it. - } - ob_end_flush(); - if ($cache && $data) { - cache_set($base_root . request_uri(), $data, 'cache_page', CACHE_TEMPORARY, drupal_get_headers()); - } + if (page_get_cache(FALSE)) { + $cache = TRUE; + $data = ob_get_contents(); + if (variable_get('page_compression', TRUE) && function_exists('gzencode')) { + // We do not store the data in case the zlib mode is deflate. This should + // be rarely happening. + if (zlib_get_coding_type() == 'deflate') { + $cache = FALSE; + } + elseif (zlib_get_coding_type() == FALSE) { + $data = gzencode($data, 9, FORCE_GZIP); + } + // The remaining case is 'gzip' which means the data is already + // compressed and nothing left to do but to store it. + } + ob_end_flush(); + if ($cache && $data) { + cache_set($base_root . request_uri(), $data, 'cache_page', CACHE_TEMPORARY, drupal_get_headers()); } } } /** * Executes a cron run when called * @return * Returns TRUE if ran successfully */ Index: includes/session.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/session.inc,v retrieving revision 1.64 diff -u -9 -p -r1.64 session.inc --- includes/session.inc 24 Nov 2008 06:12:45 -0000 1.64 +++ includes/session.inc 29 Nov 2008 17:58:24 -0000 @@ -153,18 +153,31 @@ function _sess_write($key, $value) { )) ->condition('uid', $user->uid) ->execute(); } return TRUE; } /** + * Propagate $_SESSION and set session cookie if not already set. This function + * should be called explicitly before writing to $_SESSION. + */ +function drupal_session_start($start = TRUE) { + static $started = FALSE; + if ($start && !$started) { + $started = TRUE; + session_start(); + } + return $started; +} + +/** * Called when an anonymous user becomes authenticated or vice-versa. */ function drupal_session_regenerate() { $old_session_id = session_id(); extract(session_get_cookie_params()); // Set "httponly" to TRUE to reduce the risk of session stealing via XSS. session_set_cookie_params($lifetime, $path, $domain, $secure, TRUE); session_regenerate_id(); db_update('sessions') @@ -205,18 +218,20 @@ function drupal_session_count($timestamp * Cleanup a specific session. * * @param string $sid * Session ID. */ function _sess_destroy_sid($sid) { db_delete('sessions') ->condition('sid', $sid) ->execute(); + // Unset cookie. + setcookie(session_name(), '', time() - 3600, ini_get('session.cookie_path'), ini_get('session.cookie_domain'), (bool)ini_get('session.cookie_secure'), (bool)ini_get('session.httponly')); } /** * End a specific user's session(s). * * @param string $uid * User ID. */ function drupal_session_destroy_uid($uid) { Index: modules/simpletest/drupal_web_test_case.php =================================================================== RCS file: /cvs/drupal/drupal/modules/simpletest/drupal_web_test_case.php,v retrieving revision 1.63 diff -u -9 -p -r1.63 drupal_web_test_case.php --- modules/simpletest/drupal_web_test_case.php 29 Nov 2008 09:33:51 -0000 1.63 +++ modules/simpletest/drupal_web_test_case.php 29 Nov 2008 17:58:24 -0000 @@ -904,36 +904,38 @@ class DrupalWebTestCase { * Performs a cURL exec with the specified options after calling curlConnect(). * * @param $curl_options * Custom cURL options. * @return * Content returned from the exec. */ protected function curlExec($curl_options) { $this->curlInitialize(); - $url = empty($curl_options[CURLOPT_URL]) ? curl_getinfo($this->curlHandle, CURLINFO_EFFECTIVE_URL) : $curl_options[CURLOPT_URL]; + $url = empty($curl_options[CURLOPT_URL]) ? curl_getinfo($this->ch, CURLINFO_EFFECTIVE_URL) : $curl_options[CURLOPT_URL]; curl_setopt_array($this->curlHandle, $this->additionalCurlOptions + $curl_options); + $this->headers = array(); $this->drupalSetContent(curl_exec($this->curlHandle), curl_getinfo($this->curlHandle, CURLINFO_EFFECTIVE_URL)); $this->assertTrue($this->content !== FALSE, t('!method to !url, response is !length bytes.', array('!method' => !empty($curl_options[CURLOPT_NOBODY]) ? 'HEAD' : (empty($curl_options[CURLOPT_POSTFIELDS]) ? 'GET' : 'POST'), '!url' => $url, '!length' => strlen($this->content))), t('Browser')); return $this->drupalGetContent(); } /** * Reads headers and registers errors received from the tested site. * * @see _drupal_log_error(). * * @param $curlHandler * The cURL handler. * @param $header * An header. */ - protected function curlHeaderCallback($curlHandler, $header) { + protected function curlHeaderCallback($ch, $header) { + $this->headers[] = $header; // Errors are being sent via X-Drupal-Assertion-* headers, // generated by _drupal_log_error() in the exact form required // by DrupalWebTestCase::error(). if (preg_match('/^X-Drupal-Assertion-[0-9]+: (.*)$/', $header, $matches)) { // Call DrupalWebTestCase::error() with the parameters from the header. call_user_func_array(array(&$this, 'error'), unserialize(urldecode($matches[1]))); } // This is required by cURL. return strlen($header); @@ -984,19 +986,19 @@ class DrupalWebTestCase { * @return * The retrieved HTML string, also available as $this->drupalGetContent() */ protected function drupalGet($path, $options = array()) { $options['absolute'] = TRUE; // We re-using a CURL connection here. If that connection still has certain // options set, it might change the GET into a POST. Make sure we clear out // previous options. - $out = $this->curlExec(array(CURLOPT_HTTPGET => TRUE, CURLOPT_URL => url($path, $options), CURLOPT_HEADER => FALSE, CURLOPT_NOBODY => FALSE)); + $out = $this->curlExec(array(CURLOPT_HTTPGET => TRUE, CURLOPT_URL => url($path, $options), CURLOPT_NOBODY => FALSE)); $this->refreshVariables(); // Ensure that any changes to variables in the other thread are picked up. // Replace original page output with new output from redirected page(s). if (($new = $this->checkForMetaRefresh())) { $out = $new; } return $out; } @@ -1066,19 +1068,19 @@ class DrupalWebTestCase { else { foreach ($post as $key => $value) { // Encode according to application/x-www-form-urlencoded // Both names and values needs to be urlencoded, according to // http://www.w3.org/TR/html4/interact/forms.html#h-17.13.4.1 $post[$key] = urlencode($key) . '=' . urlencode($value); } $post = implode('&', $post); } - $out = $this->curlExec(array(CURLOPT_URL => $action, CURLOPT_POST => TRUE, CURLOPT_POSTFIELDS => $post, CURLOPT_HEADER => FALSE)); + $out = $this->curlExec(array(CURLOPT_URL => $action, CURLOPT_POST => TRUE, CURLOPT_POSTFIELDS => $post)); // Ensure that any changes to variables in the other thread are picked up. $this->refreshVariables(); // Replace original page output with new output from redirected page(s). if (($new = $this->checkForMetaRefresh())) { $out = $new; } return $out; } @@ -1120,19 +1122,19 @@ class DrupalWebTestCase { * @param $path * Drupal path or URL to load into internal browser * @param $options * Options to be forwarded to url(). * @return * The retrieved headers, also available as $this->drupalGetContent() */ protected function drupalHead($path, Array $options = array()) { $options['absolute'] = TRUE; - $out = $this->curlExec(array(CURLOPT_HEADER => TRUE, CURLOPT_NOBODY => TRUE, CURLOPT_URL => url($path, $options))); + $out = $this->curlExec(array(CURLOPT_NOBODY => TRUE, CURLOPT_URL => url($path, $options))); $this->refreshVariables(); // Ensure that any changes to variables in the other thread are picked up. return $out; } /** * Handle form input related to drupalPost(). Ensure that the specified fields * exist and attempt to create POST data in the correct manner for the particular * field type. * @@ -1404,18 +1406,80 @@ class DrupalWebTestCase { * * @return * The current url. */ protected function getUrl() { return $this->url; } /** + * Gets the HTTP response headers of the requested page. Normally we are only + * interested in the headers returned by the last request. However, if a page + * is redirected or HTTP authentication is in use, multiple requests will be + * required to retrieve the page. Headers from all requests may be requested + * by passing TRUE to this function. + * + * @param $all_requests + * Boolean value specifying whether to return headers from all requests + * instead of just the last request. Defaults to FALSE. + * @return + * A name/value array if headers from only the last request are requested. + * If headers from all requests are requested, an array of name/value + * arrays, one for each request. + * + * The pseudonym ":status" is used for the HTTP status line. + * + * Values for duplicate headers are stored as a single comma-separated list. + */ + function drupalGetHeaders($all_requests = FALSE) { + $request = 0; + $headers = array($request => array()); + foreach ($this->headers as $header) { + $header = trim($header); + if ($header === '') { + $request++; + } + else { + if (strpos($header, 'HTTP/') === 0) { + $name = ':status'; + $value = $header; + } + else { + list($name, $value) = explode(':', $header, 2); + } + if (isset($headers[$request][$name])) { + $headers[$request][$name] .= ',' . trim($value); + } + else { + $headers[$request][$name] = trim($value); + } + } + } + if (!$all_requests) { + $headers = array_pop($headers); + } + return $headers; + } + + /** + * Gets the value of an HTTP response header returned by the last request. + * + * @param $name + * The name of the header to retrieve. + * @return + * The HTTP header value or FALSE if not found. + */ + function drupalGetHeader($name) { + $headers = $this->drupalGetHeaders(); + return isset($headers[$name]) ? $headers[$name] : FALSE; + } + + /** * Gets the current raw HTML of requested page. */ protected function drupalGetContent() { return $this->content; } /** * Sets the raw HTML content. This can be useful when a page has been fetched * outside of the internal browser and assertions need to be made on the Index: modules/simpletest/tests/bootstrap.test =================================================================== RCS file: /cvs/drupal/drupal/modules/simpletest/tests/bootstrap.test,v retrieving revision 1.7 diff -u -9 -p -r1.7 bootstrap.test --- modules/simpletest/tests/bootstrap.test 23 Nov 2008 18:12:08 -0000 1.7 +++ modules/simpletest/tests/bootstrap.test 29 Nov 2008 17:58:24 -0000 @@ -98,19 +98,19 @@ class BootstrapPageCacheTestCase extends * Enable cache and examine HTTP headers. */ function testPageCache() { global $base_url; variable_set('cache', 1); // Fill the cache. $this->drupalGet($base_url); $this->drupalHead($base_url); - $this->assertText('ETag: ', t('Verify presence of ETag header indicating that page caching is enabled.')); + $this->assertTrue($this->drupalGetHeader('ETag') !== FALSE, t('Verify presence of ETag header indicating that page caching is enabled.')); } } class BootstrapVariableTestCase extends DrupalWebTestCase { function setUp() { parent::setUp('system_test'); } Index: modules/simpletest/tests/session.test =================================================================== RCS file: /cvs/drupal/drupal/modules/simpletest/tests/session.test,v retrieving revision 1.7 diff -u -9 -p -r1.7 session.test --- modules/simpletest/tests/session.test 26 Nov 2008 13:48:49 -0000 1.7 +++ modules/simpletest/tests/session.test 29 Nov 2008 17:58:24 -0000 @@ -154,25 +154,101 @@ class SessionTestCase extends DrupalWebT // Test authenticated count. $this->assertEqual($authenticated, $this->session_count_authenticated, t('Correctly counted @count authenticated sessions.', array('@count' => $authenticated)), t('Session')); // Should return 0 sessions from 1 second from now. $this->assertEqual(drupal_session_count(time() + 1), 0, t('Correctly returned 0 sessions newer than the current time.'), t('Session')); } /** + * Test that empty anonymous sessions are destroyed. + */ + function testEmptyAnonymousSession() { + // With caching disabled, a session is always started. + $this->drupalGet(''); + $this->assertSessionStarted(TRUE); + $this->assertSessionEmpty(TRUE); + + variable_set('cache', CACHE_NORMAL); + + // During this request the session is destroyed in drupal_page_footer(), + // and the session cookie is unset. + $this->drupalGet(''); + $this->assertSessionStarted(TRUE); + $this->assertSessionEmpty(TRUE); + $this->assertFalse($this->drupalGetHeader('ETag'), t('Page was not cached.')); + // When PHP deletes a cookie, it sends "Set-Cookie: cookiename=deleted; + // expires=..." + $this->assertTrue(preg_match('/SESS\w+=deleted/', $this->drupalGetHeader('Set-Cookie')), t('Session cookie was deleted.')); + + // Verify that the session cookie was actually deleted by checking that a + // session is not started + $this->drupalGet(''); + $this->assertSessionStarted(FALSE); + $this->assertFalse($this->drupalGetHeader('Set-Cookie'), t('New session was not started.')); + + // Setting a value in $_SESSION starts a new session. + $this->drupalGet('session-test/set/' . $this->randomName()); + $this->assertSessionStarted(FALSE); + $this->assertTrue($this->drupalGetHeader('Set-Cookie'), t('New session was started.')); + + // Page caching is disabled when session is non-empty. + $this->drupalGet('session-test/unset'); + $this->assertSessionStarted(TRUE); + $this->assertSessionEmpty(FALSE); + $this->assertFalse($this->drupalGetHeader('ETag'), t('Page was not cached.')); + + // During this request the session is destroyed in _drupal_bootstrap(), + // and the session cookie is unset. + $this->drupalGet(''); + $this->assertSessionStarted(TRUE); + $this->assertSessionEmpty(TRUE); + $this->assertTrue($this->drupalGetHeader('ETag'), t('Page was cached.')); + $this->assertTrue(preg_match('/SESS\w+=deleted/', $this->drupalGetHeader('Set-Cookie')), t('Session cookie was deleted.')); + + // Verify that session was destroyed. + $this->drupalGet(''); + $this->assertSessionStarted(FALSE); + $this->assertFalse($this->drupalGetHeader('Set-Cookie'), t('New session was not started.')); + } + + /** * Reset the cookie file so that it refers to the specified user. * * @param $uid User id to set as the active session. */ function sessionReset($uid = 0) { // Close the internal browser. $this->curlClose(); // Change cookie file for user. $this->cookieFile = file_directory_temp() . '/cookie.' . $uid . '.txt'; $this->additionalCurlOptions[CURLOPT_COOKIEFILE] = $this->cookieFile; $this->additionalCurlOptions[CURLOPT_COOKIESESSION] = TRUE; $this->drupalGet('session-test/get'); $this->assertResponse(200, t('Session test module is correctly enabled.'), t('Session')); } + + /** + * Assert whether session was started during bootstrap process. + */ + function assertSessionStarted($started) { + if ($started) { + $this->assertIdentical($this->drupalGetHeader('X-Session-Started'), '1', t('Session was started.')); + } + else { + $this->assertIdentical($this->drupalGetHeader('X-Session-Started'), '0', t('Session was not started.')); + } + } + + /** + * Assert whether $_SESSION is empty at the beginning of the request. + */ + function assertSessionEmpty($empty) { + if ($empty) { + $this->assertIdentical($this->drupalGetHeader('X-Session-Empty'), '1', t('Session was empty.')); + } + else { + $this->assertIdentical($this->drupalGetHeader('X-Session-Empty'), '0', t('Session was not empty.')); + } + } } Index: modules/simpletest/tests/session_test.module =================================================================== RCS file: /cvs/drupal/drupal/modules/simpletest/tests/session_test.module,v retrieving revision 1.4 diff -u -9 -p -r1.4 session_test.module --- modules/simpletest/tests/session_test.module 24 Nov 2008 06:12:45 -0000 1.4 +++ modules/simpletest/tests/session_test.module 29 Nov 2008 17:58:24 -0000 @@ -18,50 +18,75 @@ function session_test_menu() { 'type' => MENU_CALLBACK, ); $items['session-test/set/%'] = array( 'title' => t('Set Session value'), 'page callback' => '_session_test_set', 'page arguments' => array(2), 'access arguments' => array('access content'), 'type' => MENU_CALLBACK, ); + $items['session-test/unset'] = array( + 'title' => t('Session value'), + 'page callback' => '_session_test_unset', + 'access arguments' => array('access content'), + 'type' => MENU_CALLBACK, + ); $items['session-test/no-set/%'] = array( 'title' => t('Disabled session set value'), 'page callback' => '_session_test_no_set', 'page arguments' => array(2), 'access arguments' => array('access content'), 'type' => MENU_CALLBACK, ); return $items; } /** + * Implement hook_boot(). + */ +function session_test_boot() { + header('X-Session-Started: ' . intval(drupal_session_start(FALSE))); + header('X-Session-Empty: ' . intval(empty($_SESSION))); +} + +/** * Page callback, prints the stored session value to the screen. */ function _session_test_get() { + drupal_session_start(); if (!empty($_SESSION['session_test_value'])) { return t('The current value of the stored session variable is: %val', array('%val' => $_SESSION['session_test_value'])); } else { return ""; } } /** * Page callback, stores a value in $_SESSION['session_test_value']. */ function _session_test_set($value) { + drupal_session_start(); $_SESSION['session_test_value'] = $value; return t('The current value of the stored session variable has been set to %val', array('%val' => $value)); } /** + * Page callback, unsets $_SESSION['session_test_value']. + */ +function _session_test_unset() { + drupal_session_start(); + unset($_SESSION['session_test_value']); + return t('The stored session variable has been unset'); +} + +/** * Menu callback: turns off session saving and then tries to save a value * anyway. */ function _session_test_no_set($value) { drupal_save_session(FALSE); _session_test_set($value); return t('session saving was disabled, and then %val was set', array('%val' => $value)); } Index: modules/system/system.admin.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/system/system.admin.inc,v retrieving revision 1.110 diff -u -9 -p -r1.110 system.admin.inc --- modules/system/system.admin.inc 26 Nov 2008 13:54:05 -0000 1.110 +++ modules/system/system.admin.inc 29 Nov 2008 17:58:24 -0000 @@ -1318,18 +1318,30 @@ function system_logging_overview() { * Form builder; Configure site performance settings. * * @ingroup forms * @see system_settings_form() */ function system_performance_settings() { $description = '

' . t("The normal cache mode is suitable for most sites and does not cause any side effects. The aggressive cache mode causes Drupal to skip the loading (boot) and unloading (exit) of enabled modules when serving a cached page. This results in an additional performance boost but can cause unwanted side effects.") . '

'; + // Check if the "Who's online" block is enabled. + $online_block_enabled = db_select('block') + ->condition('module', 'user') + ->condition('delta', 'online') + ->condition('status', 1) + ->countQuery() + ->execute() + ->fetchField(); + if ($online_block_enabled) { + $description .= '

' . t("When caching is enabled, anonymous user sessions are only saved to the database when needed, so the \"Who's online\" block does not display the number of anonymous users.") . '

'; + } + $problem_modules = array_unique(array_merge(module_implements('boot'), module_implements('exit'))); sort($problem_modules); if (count($problem_modules) > 0) { $description .= '

' . t('The following enabled modules are incompatible with aggressive mode caching and will not function properly: %modules', array('%modules' => implode(', ', $problem_modules))) . '.

'; } else { $description .= '

' . t('Currently, all enabled modules are compatible with the aggressive caching policy. Please note, if you use aggressive caching and enable new modules, you will need to check this page again to ensure compatibility.') . '

'; } Index: modules/user/user.module =================================================================== RCS file: /cvs/drupal/drupal/modules/user/user.module,v retrieving revision 1.944 diff -u -9 -p -r1.944 user.module --- modules/user/user.module 29 Nov 2008 09:33:51 -0000 1.944 +++ modules/user/user.module 29 Nov 2008 17:58:24 -0000 @@ -762,18 +762,19 @@ function user_block($op = 'list', $delta '#default_value' => variable_get('user_block_whois_new_count', 5), '#options' => drupal_map_assoc(array(1, 2, 3, 4, 5, 6, 7, 8, 9, 10)), ); return $form; } elseif ($op == 'configure' && $delta == 'online') { $period = drupal_map_assoc(array(30, 60, 120, 180, 300, 600, 900, 1800, 2700, 3600, 5400, 7200, 10800, 21600, 43200, 86400), 'format_interval'); $form['user_block_seconds_online'] = array('#type' => 'select', '#title' => t('User activity'), '#default_value' => variable_get('user_block_seconds_online', 900), '#options' => $period, '#description' => t('A user is considered online for this long after they have last viewed a page.')); $form['user_block_max_list_count'] = array('#type' => 'select', '#title' => t('User list length'), '#default_value' => variable_get('user_block_max_list_count', 10), '#options' => drupal_map_assoc(array(0, 5, 10, 15, 20, 25, 30, 40, 50, 75, 100)), '#description' => t('Maximum number of currently online users to display.')); + $form['user_block_cache'] = array('#markup' => '

If page caching is disabled, the block shows the number of anonymous and authenticated users, respectively. If page caching is enabled, only the number of authenticated users is displayed.

'); return $form; } elseif ($op == 'save' && $delta == 'new') { variable_set('user_block_whois_new_count', $edit['user_block_whois_new_count']); } elseif ($op == 'save' && $delta == 'online') { variable_set('user_block_seconds_online', $edit['user_block_seconds_online']); variable_set('user_block_max_list_count', $edit['user_block_max_list_count']); @@ -810,27 +811,33 @@ function user_block($op = 'list', $delta return $block; case 'online': if (user_access('access content')) { // Count users active within the defined period. $interval = REQUEST_TIME - variable_get('user_block_seconds_online', 900); // Perform database queries to gather online user lists. We use s.timestamp // rather than u.access because it is much faster. - $anonymous_count = drupal_session_count($interval); $authenticated_count = db_query("SELECT COUNT(DISTINCT s.uid) FROM {sessions} s WHERE s.timestamp >= :timestamp AND s.uid > 0", array(':timestamp' => $interval))->fetchField(); - // Format the output with proper grammar. - if ($anonymous_count == 1 && $authenticated_count == 1) { - $output = t('There is currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests'))); - } - else { - $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests'))); + // When page caching is enabled, sessions are only created for + // anonymous users when needed. + if (variable_get('cache', CACHE_DISABLED) == CACHE_DISABLED) { + $anonymous_count = drupal_session_count($interval); + // Format the output with proper grammar. + if ($anonymous_count == 1 && $authenticated_count == 1) { + $output = t('There is currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests'))); + } + else { + $output = t('There are currently %members and %visitors online.', array('%members' => format_plural($authenticated_count, '1 user', '@count users'), '%visitors' => format_plural($anonymous_count, '1 guest', '@count guests'))); + } + } else { + $output = format_plural($authenticated_count, 'There is currently 1 user online.', 'There are currently @count users online.'); } // Display a list of currently online users. $max_users = variable_get('user_block_max_list_count', 10); if ($authenticated_count && $max_users) { $items = db_query_range('SELECT u.uid, u.name, MAX(s.timestamp) AS max_timestamp FROM {users} u INNER JOIN {sessions} s ON u.uid = s.uid WHERE s.timestamp >= :interval AND s.uid > 0 GROUP BY u.uid, u.name ORDER BY max_timestamp DESC', array(':interval' => $interval), 0, $max_users)->fetchAll(); $output .= theme('user_list', $items, t('Online users')); }