List of changes:
* New OOP API using PHP namespace \core\session\.
* All handlers now update the sessions table consistently.
* Experimental DB session support in Oracle.
* Full support for session file handler (filesystem locking required).
* New option for alternative session directory.
* Official memcached session handler support.
* Workaround for memcached version with non-functional gc.
* Improved security - forced session id regeneration.
* Improved compatibility with recent PHP releases.
* Fixed borked CSS during install in debug mode.
* Switched to file based sessions in new installs.
* DB session setting disappears if DB does not support sessions.
* DB session setting disappears if session handler specified in config.php.
* Fast purging of sessions used in request only.
* No legacy distinction - file, database and memcached support the same functionality.
* Session handler name included in performance info.
* Fixed user_loggedin and user_loggedout event triggering.
* Other minor bugfixing and improvements.
* Fixed database session segfault if MUC disposed before $DB.
Limitations:
* Session access time is now updated right after session start.
* Support for $CFG->sessionlockloggedinonly was removed.
* First request does not update userid in sessions table.
* The timeouts may break badly if server hosting forces PHP.ini session settings.
* The session GC is a lot slower, we do not rely on external session timeouts.
* There cannot be any hooks triggered at the session write time.
* File and memcached handlers do not support session lock acquire timeouts.
* Some low level PHP session functions can not be used directly in Moodle code.
- 'List of courses' is split into 'List of courses' (available) and 'Enrolled courses', CFG->disablemycourses is deprecated;
- CFG->frontpageloggedin by default shows list of available courses;
- There is separate item to display course search box
- CFG->maxcoursesincombo is deprecated
- CFG->maxcategorydepth changed default value to 2 since we have AJAX loading now
- FRONTPAGECOURSELIMIT is transformed to CFG->frontpagecourselimit
c
GD PHP extension is now required. Add-ons need to remove $CFG->gdversion tests. The worst case regression is that add-on will think GD is not available.
It seems to be better to check for required permission later, when the
button to install the update is actually being displayed. Credit goes to
Dan Poltawski for suggesting this.
If $CFG->disableupdateautodeploy is set in config.php, no automatic
deploy can happen. This is for sites that are managed by a provider but
their clients have admin access.
allowed turning off the http HEAD request timeout calculation with zero (or negative) bitrate
This was added in to allow servers that have a problem with
HEAD requests to carry on with the given timeout without re-calculations.
See PULL-651 for the discussion.
the optional argument to force recalculation of timeout has been forced within scorm/locallib.php
timeout re-calculation only increments timeout.
Also moved some things around a bit to make them look a little better. Ideally Experimental would be last but this is not easy to do because unit tests adds items to the end later.
New option on Administration -> Server -> Debugging called
'Show origin of languages strings' ($CFG->debugstringids).
If this is set, get_string will add the name of the lang file and the id of the string
to each string it gets, so instead of returning 'No', it will return '{No admin/checkboxno}'.
Added new sessioncookiedomain setting to session handling section.
* allows you to change the domain that the Moodle cookies are available
from. This is useful for Moodle customisations (i.e. Squirrelmail SSO
or enrolment plugins) that need to share Moodle session information
with a web application on another subdomain.
* Will NOT work if the moodle host does not have a domain - i.e. just a
hostname, e.g. 'localhost' or 'myhostname'. Needs a FQDN
* Currently the setting is set to PARAM_TEXT length 50 since PARAM_HOST
does not allow a leading dot e.g. '.mydomain.com'
* TODO: do we make up a new PARAM_COOKIEDOMAIN which is the same as
PARAM_HOST but allows leading dots? Using PARAM_HOST and prepending a
dot may not always be desirable.
