The redis session handler doesn't use the sessiontimeout config setting
to determine session lifetime.
It has a lock expiry, which is set to 7200 (or a config setting) that is
used to determine how long a lock is held onto, but that should be
distinct from the session timeout.
We should complete the deletion process using the same
user that started it.
Added a new param to loginas() to prevent the event to be generated as
there is no need to generate an new event for that as the user didn't
explicitly loginas again.
This code was originally taken from; https://github.com/durana/moodle-cachestore_redis
Special thanks to Mark Nielsen and Adam Durana for their work on this.
Since the original import;
- Mode session support has been added.
- Some cleanup of names has been made.
- Data guarantee and references support was added.
Instead of silently defaulting to SITEID when courseid (coming
from message_send()/\core\message\manager::send_message()) is missing,
now a debugging message is shown to allow developers to fix their
messages to, always, include courseid.
Raw creation of events via message_sent::create() missing other[courseid]
leads to coding exception since now (there shouldn't be any legacy use, as far as
they are always created via create_from_ids() when sending a message.
Updated upgrade.txt notes a little bit, added references the 3.6 final
deprecation issue (MDL-55449) and covered with unit tests.
This is primarily because iOS has changed something under the hood which
means that only session cookies which have an expiry are passed around the
OS.
In order to make media playable outside of the browser (e.g. a video), we
must set a session cookie timeout.
Since the session timeout is configurable, this patch sets the cookie
timeout to the session timeout plus a period of one week.
This ensures that videos continue to work, and that the expired session
message is shown on the login page, but without requiring excessively long
session times.
In the initial implementation, infected file cleanup and exception throwing
was done at the plugin level. This is somewhat incorrect from plugin
responsibility perspective. The patch moves cleanup and exception logic to
the manager. Antivirus plugin responsibility is limited to perform scanning
and respond with one of the result statuses defined in the
\core\antivirus\scanner.
The previously used minification libraries were:
a) Unmaintained
b) Had some silly licensing issues (MDL-36457)
The new library is smaller, maintained, active and GPL-compatible.
