Browse files

Revert removal of session_cache_limiter()

It was removed in [4a6159c].
The session_cache_limiter() is required for IE8 to correctly
hold onto sessions.

Fixes #2781
  • Loading branch information...
1 parent 4e1a267 commit 2fd15b6c7e21a8fcc29d66e759b8ec741fea81d1 @markstory markstory committed Apr 14, 2012
Showing with 2 additions and 0 deletions.
  1. +2 −0 lib/Cake/Model/Datasource/CakeSession.php
@@ -602,6 +602,8 @@ protected static function _startSession() {
$_SESSION = array();
} else {
+ // For IE<8
ADmad Apr 14, 2012 Member

Shouldn't the comment be //For IE<=8 ?

markstory Apr 14, 2012 Member

Yeah, I fail at programming today..

+ session_cache_limiter("must-revalidate");
return true;

3 comments on commit 2fd15b6


I don't agree with this fix, in any case we should do this in the response class and always set the response to private ad other major frameworks do. I don't like magic headers being set around different parts of the framework.

What do you think?


I'm ok with moving the header setting. But we should not use session_cache_limiter() in that case. I'm pretty sure using session_cache_limiter() needs to be done before session_start(). But we could always set the default cache control headers to the equivalent values.

Please sign in to comment.