List of changes:
* New OOP API using PHP namespace \core\session\.
* All handlers now update the sessions table consistently.
* Experimental DB session support in Oracle.
* Full support for session file handler (filesystem locking required).
* New option for alternative session directory.
* Official memcached session handler support.
* Workaround for memcached version with non-functional gc.
* Improved security - forced session id regeneration.
* Improved compatibility with recent PHP releases.
* Fixed borked CSS during install in debug mode.
* Switched to file based sessions in new installs.
* DB session setting disappears if DB does not support sessions.
* DB session setting disappears if session handler specified in config.php.
* Fast purging of sessions used in request only.
* No legacy distinction - file, database and memcached support the same functionality.
* Session handler name included in performance info.
* Fixed user_loggedin and user_loggedout event triggering.
* Other minor bugfixing and improvements.
* Fixed database session segfault if MUC disposed before $DB.
Limitations:
* Session access time is now updated right after session start.
* Support for $CFG->sessionlockloggedinonly was removed.
* First request does not update userid in sessions table.
* The timeouts may break badly if server hosting forces PHP.ini session settings.
* The session GC is a lot slower, we do not rely on external session timeouts.
* There cannot be any hooks triggered at the session write time.
* File and memcached handlers do not support session lock acquire timeouts.
* Some low level PHP session functions can not be used directly in Moodle code.
The PHP readfile function does not work for files more than 2GB.
This commit provides a wrapper that can be used so that files less
than 2GB are sent with readfile, and files larger than 2GB are
sent manually.
The change applies to all uses of pluginfile.php, although in
reality, backup files are probably the only ones likely to be more
than two gigabytes.
generate_email_supportuser was not creating user which can
be used by messaging system. core_user::get_support_user()
should be used to get support_user record.
This is used by messaging system for sending/receiving message
to/from noreply or support user. message_send api will now use
core_user class to get noreply or support user and then
send/receive message depending on user state.
* core_useragent: Introduce is_vendor methods to improve readability
when we are just detecting if a browser is from a vendor, rather than
the exact version
* Remove uncessary browser version checks when we are just detecting
vendors - this makes the intention of our sniffing clearer.
* Remove sniffing for browsers which we do not support, grades/ajax/tinymce
all support modern browsers so there is no need to sniff for them.
This fixes all sorts of bother with the fullscreen dialogues. It also means that
you don't lose your scroll position in the document when the full screen popup
opens/closes.
It prevents several bugs on mobile where the dialogue could get scrolled off
the page (and handles orientation changes better).
Contains one other tiny tweak to make the close button on the dialogue
a bit bigger so it's easier to click (only for fullscreen).
