[4.0] Optional session metadata, misc. session tweaks#13322
[4.0] Optional session metadata, misc. session tweaks#13322laoneo merged 14 commits intojoomla:4.0-devfrom mbabker:4.0-no-session-metadata
Conversation
|
Is this worth my time to pursue rebasing? |
|
Sorry i didnt test this as i didnt understand it and others have repeatedly stated that only experienced developers should test library changes. if only those same people would actually do that :( |
|
Well it is kind of technical in nature, and it also affects user facing features. So a mix of both would be helpful. But I'm really not interested in fighting with 9 months of merge conflicts if it's going to sit around. |
|
Just want to add that if people agree with the missing features when session meta data is turned off, I can test and review this PR once conflict resolved |
|
@mbabker looks like if you resolve the cconflicts there are at least two of us prepared to test |
|
OK this should be good to go. |
It clears the metadata field but leaves the record with the session_id - is that correct? |
|
I have tested this item ✅ successfully on b2dab59 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/13322. |
Correct. The session related fields that are tracked are the session ID, time, and data. |
|
All seems good to me then |
|
It works for me, too. Just an issue with Session Save Path setting:
|
| * 1) The database handler is in use and the session is new | ||
| * 2) The database handler is not in use and the time is an even numbered second or the session is new | ||
| */ | ||
| if (($handler !== 'database' && ($time % 2 || $session->isNew())) || ($handler === 'database' && $session->isNew())) |
There was a problem hiding this comment.
Just want to be sure, when $handler !== 'database' and Track Session Metadata is off, do we still need to call $this->checkSession();?
There was a problem hiding this comment.
This is already inside a conditional checking if the metadata is being tracked (the if statement starting at line 166)
There was a problem hiding this comment.
Ah, OK. Thanks, see it now
|
@joomdonation - enter the wrong data and you get an error message telling you that - seems fine to me. |
|
I'm not getting error. The path is saved to configuration.php and then the application could not be stared like I said |
|
thats what I meant. You are getting the error (just not immediately). BUT if this happened before this PR then it is out of scope and you should create a new issue if you feel it is wrong |
|
Here is the screenshot after I entered a wrong path and save configuration, the site is completely broken: |
|
I read description of the PR and thought this is included:
But you are correct, look like that setting was introduced before this PR |
|
Adding that setting was once in scope of this PR but at some point it got added to the repo separately, removed that note from the main description as the diff clearly shows that setting isn't being touched here now. |
|
I have tested this item ✅ successfully on b2dab59 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/13322. |
|
Ready to Commit after two successful tests. |
|
No longer interested in pursuing correct session architecture in Joomla. Bye. |
|
Where are we with this? I see we got two successful tests but no merge and now conflicts? |
…ath for session data
…bled layout markup for updated BS card structure
|
Rebased. See y'all at the next merge conflict 😉 |
| label="CONFIG_SESSION_SETTINGS_LABEL"> | ||
|
|
||
| <field | ||
| name="shared_session" |
There was a problem hiding this comment.
Shared sessions between front end will not be possible anymore, even when session meta data is enabled?
There was a problem hiding this comment.
No, it's a duplicate field definition. Still exists at (new) line 936. Just with all the rebasing and merging and whatnot at this point somehow it's in the form twice.
| type="radio" | ||
| class="switcher" | ||
| default="0" | ||
| label="COM_CONFIG_FIELD_SHARED_SESSION_LABEL" |
There was a problem hiding this comment.
Strings should also be removed here.
Summary of Changes
This should in full decouple the requirement for session metadata. It's done by adding a new global configuration switch (default on because B/C) that when switched off features dependent on this data will need to check. Plus, some other tweaks squeezed in while testing stuff.
Summary of change:
Joomla\CMS\Application\CMSApplication::afterSessionStart()does not run the code to write or cleanup metadata when disabledmod_loggedmodule shows a message if metadata is disabled versus a list of usersmod_statusmodule hides site/admin user counts if metadata is disabledmod_whosonlinemodule shows a message if metadata is disabled versus a count of usersPlgUserJoomlaonly interacts with the session data when the environment is set for itJoomla\CMS\Table\Table::isCheckedOut()modified to account for the metadata trackingJoomla\CMS\Application\CMSApplication::afterSessionStart()will no longer cause an application fatal error if writing the session metadata fails; either it'll fail again when writing the at the end of the request (if using the database handler) and the session fails to persist or the user isn't using the database handler and it really doesn't matter anywayTesting Instructions
With this patch applied over the 4.0 branch, it should be possible to turn off writing session related metadata to the database. When using a non-database handler, the session table should always stay empty. Switching this off when enabled should clear existing metadata.
Documentation Changes Required
Note that it'll be possible for data to not always be persisted into the database, namely the session ID, client, user ID, and username. When enabled, this will cause the checked out checks to not be able to determine if a user is still logged in.