From b686b86c343e68ebd7d5c3b69b6687f5a88809a0 Mon Sep 17 00:00:00 2001 From: Damian Mooyman Date: Thu, 14 Jun 2018 15:54:31 +1200 Subject: [PATCH] Session now prevents cache headers being sent unintentionally --- src/Control/Session.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/Control/Session.php b/src/Control/Session.php index 9cba852b9..d0e68f35e 100644 --- a/src/Control/Session.php +++ b/src/Control/Session.php @@ -128,6 +128,15 @@ class Session */ private static $cookie_secure = false; + /** + * Name of session cache limiter to use. + * Defaults to '' to disable cache limiter entirely. + * + * @see https://secure.php.net/manual/en/function.session-cache-limiter.php + * @var string|null + */ + private static $sessionCacheLimiter = ''; + /** * Session data. * Will be null if session has not been started @@ -275,6 +284,11 @@ class Session session_name('SECSESSID'); } + $limiter = $this->config()->get('sessionCacheLimiter'); + if (isset($limiter)) { + session_cache_limiter($limiter); + } + session_start(); $this->data = isset($_SESSION) ? $_SESSION : array();