145        $this->authData = array();
 
  147        if (php_sapi_name() === 
'cli' || 
defined(
'STDIN')) {
 
  148            $this->trackid = 
'CL'.bin2hex(openssl_random_pseudo_bytes(4));
 
  156            $this->trackid = 
'TR'.bin2hex(openssl_random_pseudo_bytes(4));
 
  158            $this->
transient = 
true;
 
  164            $this->sessionId = $sh->getCookieSessionId();
 
  165            if ($this->sessionId === 
null) {
 
  166                $this->sessionId = $sh->newSessionId();
 
  170            $this->sessionId = $sh->newSessionId();
 
  171            $sh->setCookie($sh->getSessionCookieName(), $this->sessionId, $sh->getCookieParams());
 
  174            $this->trackid = bin2hex(openssl_random_pseudo_bytes(5));
 
  181            $checkFunction = 
$globalConfig->getArray(
'session.check_function', 
null);
 
  182            if (isset($checkFunction)) {
 
  183                assert(
'is_callable($checkFunction)');
 
  184                call_user_func($checkFunction, $this, 
true);
 
  199        $serialized = 
serialize(get_object_vars($this));
 
  222        foreach ($this->authData as 
$authority => $parameters) {
 
  223            if (!array_key_exists(
'RawAttributes', $parameters)) {
 
  227            foreach ($parameters[
'RawAttributes'] as $attribute => $values) {
 
  228                foreach ($values as $idx => $value) { 
 
  230                    $this->authData[
$authority][
'Attributes'][$attribute][$idx] = $value->element->childNodes;
 
  246        if (isset(self::$instance)) {
 
  254        } 
catch (Exception $e) {
 
  264                $cause = $e->getCause();
 
  265                if ($cause instanceof Exception) {
 
  283        if (self::$instance !== 
null) {
 
  290        } 
catch (\
SimpleSAML\Error\CannotSetCookie $e) {
 
  295            if ($e->getCode() === \
SimpleSAML\Error\CannotSetCookie::SECURE_COOKIE) {
 
  296                throw new \SimpleSAML\Error\CriticalConfigurationError(
 
  319        assert(
'is_string($sessionId) || is_null($sessionId)');
 
  333        if (array_key_exists(
$sessionId, self::$sessions)) {
 
  342        assert(
'$session instanceof self');
 
  349                    'session.authtoken.cookiename',
 
  350                    'SimpleSAMLAuthToken' 
  352                if (!isset(
$_COOKIE[$authTokenCookieName])) {
 
  363            $checkFunction = 
$globalConfig->getArray(
'session.check_function', 
null);
 
  364            if (isset($checkFunction)) {
 
  365                assert(
'is_callable($checkFunction)');
 
  366                $check = call_user_func($checkFunction, 
$session);
 
  367                if ($check !== 
true) {
 
  405        if (isset(self::$instance)) {
 
  420        assert(
'is_string($sessionId)');
 
  439        $this->dirty = 
false;
 
  440        $this->callback_registered = 
false;
 
  445            $sh->saveSession($this);
 
  446        } 
catch (Exception $e) {
 
  466        if ($sh instanceof \
SimpleSAML\SessionHandlerPHP) {
 
  467            $sh->restorePrevious();
 
  485        if (!function_exists(
'header_register_callback')) {
 
  490        if ($this->callback_registered) {
 
  494        $this->callback_registered = header_register_callback(array($this, 
'save'));
 
  557        assert(
'is_int($expire) || is_null($expire)');
 
  563        $this->rememberMeExpire = 
$expire;
 
  565        $cookieParams = array(
'expire' => $this->rememberMeExpire);
 
  581        assert(
'is_string($authority)');
 
  582        assert(
'is_array($data) || is_null($data)');
 
  593        if (
$data === 
null) {
 
  600        if (!isset(
$data[
'AuthnInstant'])) {
 
  601            $data[
'AuthnInstant'] = time();
 
  604        $maxSessionExpire = time() + 
$globalConfig->getInteger(
'session.duration', 8 * 60 * 60);
 
  605        if (!isset(
$data[
'Expire']) || 
$data[
'Expire'] > $maxSessionExpire) {
 
  607            $data[
'Expire'] = $maxSessionExpire;
 
  611        foreach (
$data[
'Attributes'] as $attribute => $values) {
 
  612            foreach ($values as $idx => $value) {
 
  613                if (is_string($value) || is_int($value)) {
 
  618                if (!is_a($value, 
'DOMNodeList')) {
 
  623                if ($value->length === 0) {
 
  628                $attrval = new \SAML2\XML\saml\AttributeValue($value->item(0)->parentNode);
 
  629                $data[
'RawAttributes'][$attribute][$idx] = $attrval;
 
  638        if (!$this->
transient && (!empty(
$data[
'RememberMe']) || $this->rememberMeExpire) &&
 
  639            $globalConfig->getBoolean(
'session.rememberme.enable', 
false)
 
  646                    $globalConfig->getString(
'session.authtoken.cookiename', 
'SimpleSAMLAuthToken'),
 
  648                    $sessionHandler->getCookieParams()
 
  650            } 
catch (
SimpleSAML\Error\CannotSetCookie $e) {
 
  656                unset($this->authToken);
 
  685        if (!$this->
isValid($authority) && $this->rememberMeExpire) {
 
  686            $this->rememberMeExpire = 
null;
 
  700        assert(
'is_string($authority)');
 
  701        assert(
'isset($this->authData[$authority])');
 
  703        if (empty($this->authData[
$authority][
'LogoutHandlers'])) {
 
  713                    'Logout handler is not a valid function: '.$classname.
'::'.
 
  723        unset($this->authData[
$authority][
'LogoutHandlers']);
 
  736        assert(
'is_string($authority)');
 
  741                ' not valid because we are not authenticated.' 
  746        if ($this->authData[
$authority][
'Expire'] <= time()) {
 
  765        if ($this->sessionId !== 
null) {
 
  766            $sessionHandler->setCookie($sessionHandler->getSessionCookieName(), $this->sessionId, 
$params);
 
  769        if ($this->authToken !== 
null) {
 
  772                $globalConfig->getString(
'session.authtoken.cookiename', 
'SimpleSAMLAuthToken'),
 
  787        assert(
'isset($this->authData[$authority])');
 
  788        assert(
'is_int($expire) || is_null($expire)');
 
  811        assert(
'isset($this->authData[$authority])');
 
  813        $logout_handler = array($classname, $functionname);
 
  815        if (!is_callable($logout_handler)) {
 
  817                'Logout handler is not a vaild function: '.$classname.
'::'.
 
  822        $this->authData[
$authority][
'LogoutHandlers'][] = $logout_handler;
 
  836        assert(
'is_string($type)');
 
  837        assert(
'is_string($id)');
 
  839        if (!is_array($this->dataStore)) {
 
  843        if (!array_key_exists(
$type, $this->dataStore)) {
 
  847        unset($this->dataStore[
$type][
$id]);
 
  869        assert(
'is_string($type)');
 
  870        assert(
'is_string($id)');
 
  871        assert(
'is_int($timeout) || is_null($timeout) || $timeout === self::DATA_TIMEOUT_SESSION_END');
 
  876        if ($timeout === 
null) {
 
  880            $timeout = $configuration->getInteger(
'session.datastore.timeout', 
null);
 
  881            if ($timeout !== 
null) {
 
  884                        'The value of the session.datastore.timeout'.
 
  885                        ' configuration option should be a positive integer.' 
  891        if ($timeout === self::DATA_TIMEOUT_SESSION_END) {
 
  894            $expires = time() + $timeout;
 
  898            'expires' => $expires,
 
  899            'timeout' => $timeout,
 
  903        if (!is_array($this->dataStore)) {
 
  904            $this->dataStore = array();
 
  907        if (!array_key_exists(
$type, $this->dataStore)) {
 
  908            $this->dataStore[
$type] = array();
 
  911        $this->dataStore[
$type][
$id] = $dataInfo;
 
  925        if (!is_array($this->dataStore)) {
 
  931        foreach ($this->dataStore as &$typedData) {
 
  932            foreach ($typedData as 
$id => 
$info) {
 
  933                if (
$info[
'expires'] === self::DATA_TIMEOUT_SESSION_END) {
 
  938                if ($ct > 
$info[
'expires']) {
 
  939                    unset($typedData[
$id]);
 
  958        assert(
'is_string($type)');
 
  959        assert(
'$id === null || is_string($id)');
 
  967        if (!is_array($this->dataStore)) {
 
  971        if (!array_key_exists(
$type, $this->dataStore)) {
 
  975        if (!array_key_exists(
$id, $this->dataStore[
$type])) {
 
  979        return $this->dataStore[
$type][
$id][
'data'];
 
  997        assert(
'is_string($type)');
 
  999        if (!is_array($this->dataStore)) {
 
 1003        if (!array_key_exists(
$type, $this->dataStore)) {
 
 1024        assert(
'is_string($authority)');
 
 1044        return $sh->hasSessionCookie();
 
 1058        assert(
'is_string($idp)');
 
 1059        assert(
'isset($association["id"])');
 
 1060        assert(
'isset($association["Handler"])');
 
 1062        if (!isset($this->associations)) {
 
 1063            $this->associations = array();
 
 1066        if (!isset($this->associations[
$idp])) {
 
 1067            $this->associations[
$idp] = array();
 
 1087        assert(
'is_string($idp)');
 
 1089        if (!isset($this->associations)) {
 
 1090            $this->associations = array();
 
 1093        if (!isset($this->associations[
$idp])) {
 
 1097        foreach ($this->associations[
$idp] as 
$id => $assoc) {
 
 1098            if (!isset($assoc[
'Expires'])) {
 
 1101            if ($assoc[
'Expires'] >= time()) {
 
 1105            unset($this->associations[
$idp][
$id]);
 
 1108        return $this->associations[
$idp];
 
 1122        assert(
'is_string($idp)');
 
 1123        assert(
'is_string($associationId)');
 
 1125        if (!isset($this->associations)) {
 
 1129        if (!isset($this->associations[
$idp])) {
 
 1133        unset($this->associations[
$idp][$associationId]);
 
 1149        assert(
'is_string($authority)');
 
 1150        assert(
'is_string($name)');
 
 1167        $authorities = array();
 
 1168        foreach (array_keys($this->authData) as 
$authority) {
 
 1169            if ($this->
isValid($authority)) {
 
 1173        return $authorities;
 
An exception for terminating execution, or to throw for unit testing.
static setTrackId($trackId)
Set the track identifier to use in all logs.
static getSessionHandler()
This function retrieves the current instance of the session handler.
static setCookie($name, $value, $params=null, $throw=true)
Set a cookie.
static generateID()
Generate a random identifier, ID_LENGTH bytes long.
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
updateSessionCookies($params=null)
Update session cookies.
callLogoutHandlers($authority)
This function calls all registered logout handlers.
setAuthorityExpire($authority, $expire=null)
Set the lifetime for an authentication source.
getSessionId()
Retrieve the session ID of this session.
deleteData($type, $id)
Delete data from the data store.
setData($type, $id, $data, $timeout=null)
This function stores data in the data store.
const DATA_TIMEOUT_SESSION_END
This is a timeout value for setData, which indicates that the data should never be deleted,...
unserialize($serialized)
Unserialize a session object and load it.
registerLogoutHandler($authority, $classname, $functionname)
This function registers a logout handler.
expireData()
This function removes expired data from the data store.
addAssociation($idp, array $association)
Add an SP association for an IdP.
terminateAssociation($idp, $associationId)
Remove an SP association for an IdP.
isValid($authority)
Check whether the session represents an authenticated user and is still alive.
cleanup()
Save the current session and clean any left overs that could interfere with the normal application be...
getAuthData($authority, $name)
Retrieve authentication data.
static getSession($sessionId=null)
Get a session from the session handler.
doLogin($authority, array $data=null)
Marks the user as logged in with the specified authority.
isTransient()
Check whether the session is transient.
__construct($transient=false)
Private constructor that restricts instantiation to either getSessionFromRequest() for the current se...
static $instance
This variable holds the instance of the session - Singleton approach.
__destruct()
Destroy the session.
markDirty()
Mark this session as dirty.
getRememberMeExpire()
Get remember me expire time.
doLogout($authority)
Marks the user as logged out.
serialize()
Serialize this session object.
getTrackID()
Get a unique ID that will be permanent for this session.
hasSessionCookie()
Check whether the session cookie is set.
getDataOfType($type)
This function retrieves all data of the specified type from the data store.
getData($type, $id)
This function retrieves data from the data store.
static getSessionFromRequest()
Retrieves the current session.
setRememberMeExpire($expire=null)
Set remember me expire time.
getAssociations($idp)
Retrieve the associations for an IdP.
static load(SimpleSAML_Session $session)
Load a given session as the current one.
save()
Save the session to the store.
static createSession($sessionId)
Create a new session and cache it.
static useTransientSession()
Use a transient session.
getAuthorities()
Retrieve a list of authorities (authentication sources) that are currently valid within this session.
getAuthState($authority)
Get the current persistent authentication state.
if(!array_key_exists('StateId', $_REQUEST)) $id
if(!isset($associations[$assocId])) $association
Attribute-related utility methods.
defined( 'APPLICATION_ENV')||define( 'APPLICATION_ENV'