// Listing fragments that initialise a session object: empty auth data, a track ID, and a session ID.
145 $this->authData = array();
// Command-line detection: the SAPI name is 'cli' or the STDIN constant is defined.
147 if (php_sapi_name() ===
'cli' ||
defined(
'STDIN')) {
// Track ID for this case: 'CL' followed by 8 hex characters (4 random bytes).
// NOTE(review): 32 bits is enough for correlating log lines, presumably its only purpose; it is not enough
// for a value that has to be unguessable. Confirm nothing treats the track ID as a secret.
148 $this->trackid =
'CL'.bin2hex(openssl_random_pseudo_bytes(4));
// Same construction with a 'TR' prefix; the condition selecting this branch is not visible in the listing.
156 $this->trackid =
'TR'.bin2hex(openssl_random_pseudo_bytes(4));
158 $this->
transient =
true;
// The session ID is taken from the session cookie through the session handler; null means no ID was found
// and a fresh one is requested from the handler.
164 $this->sessionId = $sh->getCookieSessionId();
165 if ($this->sessionId ===
null) {
166 $this->sessionId = $sh->newSessionId();
// A newly generated ID is sent to the client with the handler's own cookie name and cookie parameters.
170 $this->sessionId = $sh->newSessionId();
171 $sh->setCookie($sh->getSessionCookieName(), $this->sessionId, $sh->getCookieParams());
// Track ID without a prefix: 10 hex characters (5 random bytes).
// NOTE(review): the return value of openssl_random_pseudo_bytes() is used unchecked at all three call sites;
// random_bytes() is the preferred CSPRNG call on PHP 7 and later.
174 $this->trackid = bin2hex(openssl_random_pseudo_bytes(5));
// Optional hook: 'session.check_function' is read from the global configuration, defaulting to null.
181 $checkFunction =
$globalConfig->getArray(
'session.check_function',
null);
182 if (isset($checkFunction)) {
// NOTE(review): the assertion is passed as a string. A string assertion is evaluated as PHP code only while
// assertions are enabled, is deprecated as of PHP 7.2 and is no longer evaluated on PHP 8, so this
// is_callable() check gives no guarantee in production. An explicit is_callable() test that throws would.
183 assert(
'is_callable($checkFunction)');
// The hook receives this session and true; its return value is not used at this call site.
184 call_user_func($checkFunction, $this,
true);
// Serialises every property returned by get_object_vars($this); nothing is filtered out on this line.
// NOTE(review): presumably that includes authData and the auth token, so the stored blob is as sensitive as
// the login itself, and whatever later unserialises it has to read from a store that clients cannot write to.
// Confirm against the session handler in use.
199 $serialized =
serialize(get_object_vars($this));
// Walks every authority in authData; the body of the guard for entries without 'RawAttributes' is not
// visible in the listing.
222 foreach ($this->authData as
$authority => $parameters) {
223 if (!array_key_exists(
'RawAttributes', $parameters)) {
// For each raw attribute value, the child nodes of its element are written into the matching
// 'Attributes' slot of the same authority.
227 foreach ($parameters[
'RawAttributes'] as $attribute => $values) {
228 foreach ($values as $idx => $value) {
230 $this->authData[
$authority][
'Attributes'][$attribute][$idx] = $value->element->childNodes;
// Singleton check: a session object is already held in self::$instance.
246 if (isset(self::$instance)) {
254 }
catch (Exception $e) {
// The cause attached to the caught exception is inspected; what is done with it is not visible here.
264 $cause = $e->getCause();
265 if ($cause instanceof Exception) {
283 if (self::$instance !==
null) {
290 }
catch (\
SimpleSAML\Error\CannotSetCookie $e) {
// A CannotSetCookie error carrying the SECURE_COOKIE code is rethrown as a CriticalConfigurationError
// rather than being swallowed; the message passed to it is not visible in the listing.
295 if ($e->getCode() === \
SimpleSAML\Error\CannotSetCookie::SECURE_COOKIE) {
296 throw new \SimpleSAML\Error\CriticalConfigurationError(
// NOTE(review): string assertions such as the ones below are evaluated only while assertions are enabled
// and are not evaluated as code on PHP 8, so they document the expected types without enforcing them.
319 assert(
'is_string($sessionId) || is_null($sessionId)');
// Sessions already loaded during this request are looked up in the static self::$sessions map.
333 if (array_key_exists(
$sessionId, self::$sessions)) {
342 assert(
'$session instanceof self');
// Arguments of a configuration lookup: the auth-token cookie name, defaulting to 'SimpleSAMLAuthToken'.
// Presumably the result is $authTokenCookieName; the assignment itself is not visible in the listing.
349 'session.authtoken.cookiename',
350 'SimpleSAMLAuthToken'
// NOTE(review): only the presence test on the cookie is visible. The comparison of the cookie value with
// the token stored in the session is not shown; confirm it is done with hash_equals() so that it runs in
// constant time.
352 if (!isset(
$_COOKIE[$authTokenCookieName])) {
// Optional 'session.check_function' hook, here called with the loaded session.
363 $checkFunction =
$globalConfig->getArray(
'session.check_function',
null);
364 if (isset($checkFunction)) {
365 assert(
'is_callable($checkFunction)');
366 $check = call_user_func($checkFunction,
$session);
// Strict comparison: any result other than boolean true takes the branch below, whose body is not visible.
367 if ($check !==
true) {
405 if (isset(self::$instance)) {
420 assert(
'is_string($sessionId)');
// Both flags are cleared before the session is handed to the session handler for saving.
439 $this->dirty =
false;
440 $this->callback_registered =
false;
445 $sh->saveSession($this);
446 }
catch (Exception $e) {
// Only the PHP-session-based handler has a previous session to restore.
466 if ($sh instanceof \
SimpleSAML\SessionHandlerPHP) {
467 $sh->restorePrevious();
// header_register_callback() is used when available so that save() runs just before PHP sends the response
// headers; the stored flag records whether registration succeeded and guards against registering twice.
485 if (!function_exists(
'header_register_callback')) {
490 if ($this->callback_registered) {
494 $this->callback_registered = header_register_callback(array($this,
'save'));
557 assert(
'is_int($expire) || is_null($expire)');
// The remember-me expiry is stored on the session and reused as the 'expire' cookie parameter.
563 $this->rememberMeExpire =
$expire;
565 $cookieParams = array(
'expire' => $this->rememberMeExpire);
// Listing fragments that record a login for $authority with the authentication data in $data.
581 assert(
'is_string($authority)');
582 assert(
'is_array($data) || is_null($data)');
// The body of the null branch is not visible in the listing.
593 if (
$data ===
null) {
// A missing authentication instant defaults to the current time.
600 if (!isset(
$data[
'AuthnInstant'])) {
601 $data[
'AuthnInstant'] = time();
// Upper bound for the login lifetime: now plus 'session.duration' (default 8 * 60 * 60 seconds).
// A missing 'Expire', or one later than the bound, is replaced by the bound, so the caller-supplied data
// cannot extend a login beyond the configured session duration.
604 $maxSessionExpire = time() +
$globalConfig->getInteger(
'session.duration', 8 * 60 * 60);
605 if (!isset(
$data[
'Expire']) ||
$data[
'Expire'] > $maxSessionExpire) {
607 $data[
'Expire'] = $maxSessionExpire;
// Attribute values are inspected one by one. The branches for string/int values, for values that are not a
// DOMNodeList and for empty node lists are not visible in the listing.
611 foreach (
$data[
'Attributes'] as $attribute => $values) {
612 foreach ($values as $idx => $value) {
613 if (is_string($value) || is_int($value)) {
618 if (!is_a($value,
'DOMNodeList')) {
623 if ($value->length === 0) {
// A non-empty node list is wrapped as an AttributeValue built from the parent node of its first item and
// kept under 'RawAttributes' at the same attribute and index.
628 $attrval = new \SAML2\XML\saml\AttributeValue($value->item(0)->parentNode);
629 $data[
'RawAttributes'][$attribute][$idx] = $attrval;
// The remember-me path applies only to non-transient sessions, only when 'RememberMe' is set in $data or a
// remember-me expiry is already stored, and only when 'session.rememberme.enable' is true (default false).
638 if (!$this->
transient && (!empty(
$data[
'RememberMe']) || $this->rememberMeExpire) &&
639 $globalConfig->getBoolean(
'session.rememberme.enable',
false)
// Arguments of a call that is not fully visible: the auth-token cookie name and the handler's cookie
// parameters, presumably for setting the auth-token cookie.
// NOTE(review): the generation of the token is not shown; confirm that it comes from a CSPRNG and that
// getCookieParams() yields the secure/httponly settings used for the session cookie.
646 $globalConfig->getString(
'session.authtoken.cookiename',
'SimpleSAMLAuthToken'),
648 $sessionHandler->getCookieParams()
650 }
catch (
SimpleSAML\Error\CannotSetCookie $e) {
// If the cookie cannot be set, the token is dropped from the session object.
656 unset($this->authToken);
// A stored remember-me expiry is cleared when the authority is no longer valid.
685 if (!$this->
isValid($authority) && $this->rememberMeExpire) {
686 $this->rememberMeExpire =
null;
700 assert(
'is_string($authority)');
701 assert(
'isset($this->authData[$authority])');
// Nothing to do when no logout handlers are registered for this authority; the branch body is not visible.
703 if (empty($this->authData[
$authority][
'LogoutHandlers'])) {
713 'Logout handler is not a valid function: '.$classname.
'::'.
// The handler list is removed from the session here; the handler calls themselves are not visible.
723 unset($this->authData[
$authority][
'LogoutHandlers']);
736 assert(
'is_string($authority)');
741 ' not valid because we are not authenticated.'
// Expiry test: an 'Expire' timestamp at or before the current time takes this branch, whose body is not
// visible in the listing.
746 if ($this->authData[
$authority][
'Expire'] <= time()) {
// The session cookie is re-sent with the supplied parameters when a session ID exists.
765 if ($this->sessionId !==
null) {
766 $sessionHandler->setCookie($sessionHandler->getSessionCookieName(), $this->sessionId,
$params);
// The auth-token cookie is handled the same way when a token exists; the call is only partly visible.
769 if ($this->authToken !==
null) {
772 $globalConfig->getString(
'session.authtoken.cookiename',
'SimpleSAMLAuthToken'),
787 assert(
'isset($this->authData[$authority])');
788 assert(
'is_int($expire) || is_null($expire)');
811 assert(
'isset($this->authData[$authority])');
// The handler is a [class name, function name] pair and is checked with is_callable() before it is stored.
813 $logout_handler = array($classname, $functionname);
815 if (!is_callable($logout_handler)) {
817 'Logout handler is not a vaild function: '.$classname.
'::'.
// NOTE(review): the pair is appended to authData, which is part of the serialised session, and is looked up
// again at logout. $classname and $functionname should therefore be fixed by the calling module and never
// derived from request input. Confirm at the call sites.
822 $this->authData[
$authority][
'LogoutHandlers'][] = $logout_handler;
// Listing fragments of the per-session data store, a two-level array indexed by $type and then $id.
836 assert(
'is_string($type)');
837 assert(
'is_string($id)');
839 if (!is_array($this->dataStore)) {
843 if (!array_key_exists(
$type, $this->dataStore)) {
// Removes a single entry.
847 unset($this->dataStore[
$type][
$id]);
869 assert(
'is_string($type)');
870 assert(
'is_string($id)');
871 assert(
'is_int($timeout) || is_null($timeout) || $timeout === self::DATA_TIMEOUT_SESSION_END');
// A null timeout falls back to the 'session.datastore.timeout' configuration option.
876 if ($timeout ===
null) {
880 $timeout = $configuration->getInteger(
'session.datastore.timeout',
null);
881 if ($timeout !==
null) {
884 'The value of the session.datastore.timeout'.
885 ' configuration option should be a positive integer.'
// DATA_TIMEOUT_SESSION_END is treated separately (branch body not visible); otherwise the expiry is an
// absolute timestamp, the current time plus the timeout.
891 if ($timeout === self::DATA_TIMEOUT_SESSION_END) {
894 $expires = time() + $timeout;
898 'expires' => $expires,
899 'timeout' => $timeout,
// The store and the per-type bucket are created on first use.
903 if (!is_array($this->dataStore)) {
904 $this->dataStore = array();
907 if (!array_key_exists(
$type, $this->dataStore)) {
908 $this->dataStore[
$type] = array();
911 $this->dataStore[
$type][
$id] = $dataInfo;
925 if (!is_array($this->dataStore)) {
// Buckets are iterated by reference so that the unset() below changes the store itself.
// NOTE(review): no unset($typedData) after the loop is visible in the listing; confirm the reference is
// released once the loop ends.
931 foreach ($this->dataStore as &$typedData) {
932 foreach ($typedData as
$id =>
$info) {
// Entries marked DATA_TIMEOUT_SESSION_END take a separate branch whose body is not visible.
933 if (
$info[
'expires'] === self::DATA_TIMEOUT_SESSION_END) {
// An entry is dropped once $ct is later than its expiry.
938 if ($ct >
$info[
'expires']) {
939 unset($typedData[
$id]);
958 assert(
'is_string($type)');
959 assert(
'$id === null || is_string($id)');
967 if (!is_array($this->dataStore)) {
971 if (!array_key_exists(
$type, $this->dataStore)) {
975 if (!array_key_exists(
$id, $this->dataStore[
$type])) {
// Only the 'data' field of the stored record is returned.
979 return $this->dataStore[
$type][
$id][
'data'];
997 assert(
'is_string($type)');
999 if (!is_array($this->dataStore)) {
1003 if (!array_key_exists(
$type, $this->dataStore)) {
1024 assert(
'is_string($authority)');
// Delegates to the session handler.
1044 return $sh->hasSessionCookie();
1058 assert(
'is_string($idp)');
1059 assert(
'isset($association["id"])');
1060 assert(
'isset($association["Handler"])');
// The association map and the per-IdP bucket are created on first use.
1062 if (!isset($this->associations)) {
1063 $this->associations = array();
1066 if (!isset($this->associations[
$idp])) {
1067 $this->associations[
$idp] = array();
1087 assert(
'is_string($idp)');
1089 if (!isset($this->associations)) {
1090 $this->associations = array();
1093 if (!isset($this->associations[
$idp])) {
// Associations of the IdP are checked one by one. The branches for entries without 'Expires' and for
// entries whose 'Expires' is at or after the current time are not visible; entries that reach the unset()
// are removed before the remaining list is returned.
1097 foreach ($this->associations[
$idp] as
$id => $assoc) {
1098 if (!isset($assoc[
'Expires'])) {
1101 if ($assoc[
'Expires'] >= time()) {
1105 unset($this->associations[
$idp][
$id]);
1108 return $this->associations[
$idp];
1122 assert(
'is_string($idp)');
1123 assert(
'is_string($associationId)');
1125 if (!isset($this->associations)) {
1129 if (!isset($this->associations[
$idp])) {
// Removes a single association.
1133 unset($this->associations[
$idp][$associationId]);
1149 assert(
'is_string($authority)');
1150 assert(
'is_string($name)');
// Every authority present in authData is tested with isValid(); the result list is returned. The statement
// that adds an authority to the list is not visible in the listing.
1167 $authorities = array();
1168 foreach (array_keys($this->authData) as
$authority) {
1169 if ($this->
isValid($authority)) {
1173 return $authorities;
An exception for terminating execution or to throw for unit testing.
static setTrackId($trackId)
Set the track identifier to use in all logs.
static getSessionHandler()
This function retrieves the current instance of the session handler.
static setCookie($name, $value, $params=null, $throw=true)
Set a cookie.
static generateID()
Generate a random identifier, ID_LENGTH bytes long.
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
updateSessionCookies($params=null)
Update session cookies.
callLogoutHandlers($authority)
This function calls all registered logout handlers.
setAuthorityExpire($authority, $expire=null)
Set the lifetime for an authentication source.
getSessionId()
Retrieve the session ID of this session.
deleteData($type, $id)
Delete data from the data store.
setData($type, $id, $data, $timeout=null)
This function stores data in the data store.
const DATA_TIMEOUT_SESSION_END
This is a timeout value for setData, which indicates that the data should never be deleted,...
unserialize($serialized)
Unserialize a session object and load it.
registerLogoutHandler($authority, $classname, $functionname)
This function registers a logout handler.
expireData()
This function removes expired data from the data store.
addAssociation($idp, array $association)
Add an SP association for an IdP.
terminateAssociation($idp, $associationId)
Remove an SP association for an IdP.
isValid($authority)
Is the session representing an authenticated user, and is the session still alive.
cleanup()
Save the current session and clean any left overs that could interfere with the normal application be...
getAuthData($authority, $name)
Retrieve authentication data.
static getSession($sessionId=null)
Get a session from the session handler.
doLogin($authority, array $data=null)
Marks the user as logged in with the specified authority.
isTransient()
Retrieve whether the session is transient.
__construct($transient=false)
Private constructor that restricts instantiation to either getSessionFromRequest() for the current se...
static $instance
This variable holds the instance of the session - Singleton approach.
__destruct()
Destroy the session.
markDirty()
Mark this session as dirty.
getRememberMeExpire()
Get remember me expire time.
doLogout($authority)
Marks the user as logged out.
serialize()
Serialize this session object.
getTrackID()
Get a unique ID that will be permanent for this session.
hasSessionCookie()
Check whether the session cookie is set.
getDataOfType($type)
This function retrieves all data of the specified type from the data store.
getData($type, $id)
This function retrieves data from the data store.
static getSessionFromRequest()
Retrieves the current session.
setRememberMeExpire($expire=null)
Set remember me expire time.
getAssociations($idp)
Retrieve the associations for an IdP.
static load(SimpleSAML_Session $session)
Load a given session as the current one.
save()
Save the session to the store.
static createSession($sessionId)
Create a new session and cache it.
static useTransientSession()
Use a transient session.
getAuthorities()
Retrieve a list of authorities (authentication sources) that are currently valid within this session.
getAuthState($authority)
Get the current persistent authentication state.
if(!array_key_exists('StateId', $_REQUEST)) $id
if(!isset($associations[$assocId])) $association
Attribute-related utility methods.
defined( 'APPLICATION_ENV')||define( 'APPLICATION_ENV'