Some webservice functions need to be available without a login, e.g.
fetching strings and templates.
External functions must call validate_context if they require a valid login etc.
Added a new parameter to services.php: "loginrequired". Default is true.
version = planned 2015051100 release version
requires= current 2015050500 rc1 version
Note: On purpose, the course format social wrong version (2015102100)
has been kept unmodified. Looking forward a solution right now.
This is a new script that can call any function in the built-in AJAX webservice. This is
a new system service that is added at install time (like the mobile webservice). It has no
protocols added to it, but it accessible by a new ajax script /lib/ajax/service.php.
Requests and responses to the script are required to be in json format, and multiple functions can
be called in a single request.
Also:
- We don't allow users to add deprecated functions to WS
- We show a debugging message when deprecated functions
are already being used in web services.
List of changes:
* New OOP API using PHP namespace \core\session\.
* All handlers now update the sessions table consistently.
* Experimental DB session support in Oracle.
* Full support for session file handler (filesystem locking required).
* New option for alternative session directory.
* Official memcached session handler support.
* Workaround for memcached version with non-functional gc.
* Improved security - forced session id regeneration.
* Improved compatibility with recent PHP releases.
* Fixed borked CSS during install in debug mode.
* Switched to file based sessions in new installs.
* DB session setting disappears if DB does not support sessions.
* DB session setting disappears if session handler specified in config.php.
* Fast purging of sessions used in request only.
* No legacy distinction - file, database and memcached support the same functionality.
* Session handler name included in performance info.
* Fixed user_loggedin and user_loggedout event triggering.
* Other minor bugfixing and improvements.
* Fixed database session segfault if MUC disposed before $DB.
Limitations:
* Session access time is now updated right after session start.
* Support for $CFG->sessionlockloggedinonly was removed.
* First request does not update userid in sessions table.
* The timeouts may break badly if server hosting forces PHP.ini session settings.
* The session GC is a lot slower, we do not rely on external session timeouts.
* There cannot be any hooks triggered at the session write time.
* File and memcached handlers do not support session lock acquire timeouts.
* Some low level PHP session functions can not be used directly in Moodle code.
