SimpleSAML_Session Class Reference

Inheritance diagram for SimpleSAML_Session:

Collaboration diagram for SimpleSAML_Session:

Public Member Functions
	serialize ()
	Serialize this session object. More...
	unserialize ($serialized)
	Unserialize a session object and load it. More...
	save ()
	Save the session to the store. More...
	cleanup ()
	Save the current session and clean any left overs that could interfere with the normal application behaviour. More...
	markDirty ()
	Mark this session as dirty. More...
	__destruct ()
	Destroy the session. More...
	getSessionId ()
	Retrieve the session ID of this session. More...
	isTransient ()
	Retrieve if session is transient. More...
	getTrackID ()
	Get a unique ID that will be permanent for this session. More...
	getRememberMeExpire ()
	Get remember me expire time. More...
	setRememberMeExpire ($expire=null)
	Set remember me expire time. More...
	doLogin ($authority, array $data=null)
	Marks the user as logged in with the specified authority. More...
	doLogout ($authority)
	Marks the user as logged out. More...
	isValid ($authority)
	Is the session representing an authenticated user, and is the session still alive. More...
	updateSessionCookies ($params=null)
	Update session cookies. More...
	setAuthorityExpire ($authority, $expire=null)
	Set the lifetime for authentication source. More...
	registerLogoutHandler ($authority, $classname, $functionname)
	This function registers a logout handler. More...
	deleteData ($type, $id)
	Delete data from the data store. More...
	setData ($type, $id, $data, $timeout=null)
	This function stores data in the data store. More...
	getData ($type, $id)
	This function retrieves data from the data store. More...
	getDataOfType ($type)
	This function retrieves all data of the specified type from the data store. More...
	getAuthState ($authority)
	Get the current persistent authentication state. More...
	hasSessionCookie ()
	Check whether the session cookie is set. More...
	addAssociation ($idp, array $association)
	Add an SP association for an IdP. More...
	getAssociations ($idp)
	Retrieve the associations for an IdP. More...
	terminateAssociation ($idp, $associationId)
	Remove an SP association for an IdP. More...
	getAuthData ($authority, $name)
	Retrieve authentication data. More...
	getAuthorities ()
	Retrieve a list of authorities (authentication sources) that are currently valid within this session. More...

Static Public Member Functions
static	getSessionFromRequest ()
	Retrieves the current session. More...
static	getSession ($sessionId=null)
	Get a session from the session handler. More...
static	useTransientSession ()
	Use a transient session. More...
static	createSession ($sessionId)
	Create a new session and cache it. More...

Data Fields
const	DATA_TIMEOUT_SESSION_END = 'sessionEndTimeout'
	This is a timeout value for setData, which indicates that the data should never be deleted, i.e. More...

Private Member Functions
	__construct ($transient=false)
	Private constructor that restricts instantiation to either getSessionFromRequest() for the current session or getSession() for a specific one. More...
	callLogoutHandlers ($authority)
	This function calls all registered logout handlers. More...
	expireData ()
	This function removes expired data from the data store. More...

Static Private Member Functions
static	load (SimpleSAML_Session $session)
	Load a given session as the current one. More...

Private Attributes
	$sessionId
	$transient = false
	$trackid = null
	$rememberMeExpire = null
	$dirty = false
	$callback_registered = false
	$dataStore = null
	$associations = array()
	$authToken
	$authData

Static Private Attributes
static	$sessions = array()
static	$instance = null
	This variable holds the instance of the session - Singleton approach. More...

Detailed Description

Definition at line 19 of file Session.php.

Constructor & Destructor Documentation

__construct()

SimpleSAML_Session::__construct (   $transient = false )

private

Private constructor that restricts instantiation to either getSessionFromRequest() for the current session or getSession() for a specific one.

Parameters

boolean

$transient

Whether to create a transient session or not.

Definition at line 143 of file Session.php.

References $globalConfig, $sessionId, $transient, array, defined, SimpleSAML_Configuration\getInstance(), SimpleSAML\SessionHandler\getSessionHandler(), markDirty(), and SimpleSAML\Logger\setTrackId().

    {
        $this->authData = array();

        if (php_sapi_name() === 'cli' || defined('STDIN')) {
            $this->trackid = 'CL'.bin2hex(openssl_random_pseudo_bytes(4));
            SimpleSAML\Logger::setTrackId($this->trackid);
            $this->transient = $transient;
            return;
        }

        if ($transient) { // transient session
            $sh = \SimpleSAML\SessionHandler::getSessionHandler();
            $this->trackid = 'TR'.bin2hex(openssl_random_pseudo_bytes(4));
            SimpleSAML\Logger::setTrackId($this->trackid);
            $this->transient = true;

            /*
             * Initialize the session ID. It might be that we have a session cookie but we couldn't load the session.
             * If that's the case, use that ID. If not, create a new ID.
             */
            $this->sessionId = $sh->getCookieSessionId();
            if ($this->sessionId === null) {
                $this->sessionId = $sh->newSessionId();
            }
        } else { // regular session
            $sh = \SimpleSAML\SessionHandler::getSessionHandler();
            $this->sessionId = $sh->newSessionId();
            $sh->setCookie($sh->getSessionCookieName(), $this->sessionId, $sh->getCookieParams());


            $this->trackid = bin2hex(openssl_random_pseudo_bytes(5));
            SimpleSAML\Logger::setTrackId($this->trackid);

            $this->markDirty();

            // initialize data for session check function if defined
            $globalConfig = SimpleSAML_Configuration::getInstance();
            $checkFunction = $globalConfig->getArray('session.check_function', null);
            if (isset($checkFunction)) {
                assert('is_callable($checkFunction)');
                call_user_func($checkFunction, $this, true);
            }
        }
    }

Here is the call graph for this function:

__destruct()

SimpleSAML_Session::__destruct

(

)

Destroy the session.

Destructor for this class. It will save the session to the session handler in case the session has been marked as dirty. Do nothing otherwise.

Definition at line 504 of file Session.php.

References save().

    {
        $this->save();
    }

Here is the call graph for this function:

Member Function Documentation

addAssociation()

SimpleSAML_Session::addAssociation	(		$idp,
		array	$association
	)

Add an SP association for an IdP.

This function is only for use by the SimpleSAML_IdP class.

Parameters

string	$idp	The IdP id.
array	$association	The association we should add.

Definition at line 1056 of file Session.php.

References $association, $idp, array, and markDirty().

    {
        assert('is_string($idp)');
        assert('isset($association["id"])');
        assert('isset($association["Handler"])');

        if (!isset($this->associations)) {
            $this->associations = array();
        }

        if (!isset($this->associations[$idp])) {
            $this->associations[$idp] = array();
        }

        $this->associations[$idp][$association['id']] = $association;

        $this->markDirty();
    }

Here is the call graph for this function:

callLogoutHandlers()

SimpleSAML_Session::callLogoutHandlers (   $authority )

private

This function calls all registered logout handlers.

Parameters

string

$authority

The authentication source we are logging out from.

Exceptions

Exception

If the handler is not a valid function or method.

Definition at line 698 of file Session.php.

References $authority, and $handler.

Referenced by doLogout().

    {
        assert('is_string($authority)');
        assert('isset($this->authData[$authority])');

        if (empty($this->authData[$authority]['LogoutHandlers'])) {
            return;
        }
        foreach ($this->authData[$authority]['LogoutHandlers'] as $handler) {
            // verify that the logout handler is a valid function
            if (!is_callable($handler)) {
                $classname = $handler[0];
                $functionname = $handler[1];

                throw new Exception(
                    'Logout handler is not a valid function: '.$classname.'::'.
                    $functionname
                );
            }

            // call the logout handler
            call_user_func($handler);
        }

        // we require the logout handlers to register themselves again if they want to be called later
        unset($this->authData[$authority]['LogoutHandlers']);
    }

Here is the caller graph for this function:

cleanup()

SimpleSAML_Session::cleanup

(

)

Save the current session and clean any left overs that could interfere with the normal application behaviour.

Use this method if you are using PHP sessions in your application and in SimpleSAMLphp, after you are done using SimpleSAMLphp and before trying to access your application's session again.

Definition at line 462 of file Session.php.

References SimpleSAML\SessionHandler\getSessionHandler(), and save().

    {
        $this->save();
        $sh = \SimpleSAML\SessionHandler::getSessionHandler();
        if ($sh instanceof \SimpleSAML\SessionHandlerPHP) {
            $sh->restorePrevious();
        }
    }

Here is the call graph for this function:

createSession()

static SimpleSAML_Session::createSession (   $sessionId )

static

Create a new session and cache it.

Parameters

string

$sessionId

The new session we should create.

Definition at line 418 of file Session.php.

References $sessionId.

Referenced by SimpleSAML\SessionHandlerCookie\newSessionId(), and SimpleSAML\SessionHandlerPHP\newSessionId().

    {
        assert('is_string($sessionId)');
        self::$sessions[$sessionId] = null;
    }

Here is the caller graph for this function:

deleteData()

SimpleSAML_Session::deleteData	(		$type,
			$id
	)

Delete data from the data store.

This function immediately deletes the data with the given type and id from the data store.

Parameters

string	$type	The type of the data.
string	$id	The identifier of the data.

Definition at line 834 of file Session.php.

References $id, $type, and markDirty().

    {
        assert('is_string($type)');
        assert('is_string($id)');

        if (!is_array($this->dataStore)) {
            return;
        }

        if (!array_key_exists($type, $this->dataStore)) {
            return;
        }

        unset($this->dataStore[$type][$id]);
        $this->markDirty();
    }

Here is the call graph for this function:

doLogin()

SimpleSAML_Session::doLogin	(		$authority,
		array	$data = null
	)

Marks the user as logged in with the specified authority.

If the user already has logged in, the user will be logged out first.

Parameters

string	$authority	The authority the user logged in with.
array | null	$data	The authentication data for this authority.

Exceptions

Definition at line 579 of file Session.php.

References $authority, $authToken, $data, $globalConfig, array, SimpleSAML\Logger\debug(), doLogout(), SimpleSAML\Logger\error(), SimpleSAML\Utils\Random\generateID(), SimpleSAML_Configuration\getInstance(), SimpleSAML\SessionHandler\getSessionHandler(), markDirty(), SimpleSAML\Utils\HTTP\setCookie(), setRememberMeExpire(), and time.

    {
        assert('is_string($authority)');
        assert('is_array($data) || is_null($data)');

        SimpleSAML\Logger::debug('Session: doLogin("'.$authority.'")');

        $this->markDirty();

        if (isset($this->authData[$authority])) {
            // we are already logged in, log the user out first
            $this->doLogout($authority);
        }

        if ($data === null) {
            $data = array();
        }

        $data['Authority'] = $authority;

        $globalConfig = SimpleSAML_Configuration::getInstance();
        if (!isset($data['AuthnInstant'])) {
            $data['AuthnInstant'] = time();
        }

        $maxSessionExpire = time() + $globalConfig->getInteger('session.duration', 8 * 60 * 60);
        if (!isset($data['Expire']) || $data['Expire'] > $maxSessionExpire) {
            // unset, or beyond our session lifetime. Clamp it to our maximum session lifetime
            $data['Expire'] = $maxSessionExpire;
        }

        // check if we have non-serializable attribute values
        foreach ($data['Attributes'] as $attribute => $values) {
            foreach ($values as $idx => $value) {
                if (is_string($value) || is_int($value)) {
                    continue;
                }

                // at this point, this should be a DOMNodeList object...
                if (!is_a($value, 'DOMNodeList')) {
                    continue;
                }

                /* @var \DOMNodeList $value */
                if ($value->length === 0) {
                    continue;
                }

                // create an AttributeValue object and save it to 'RawAttributes', using same attribute name and index
                $attrval = new \SAML2\XML\saml\AttributeValue($value->item(0)->parentNode);
                $data['RawAttributes'][$attribute][$idx] = $attrval;
            }
        }

        $this->authData[$authority] = $data;

        $this->authToken = SimpleSAML\Utils\Random::generateID();
        $sessionHandler = \SimpleSAML\SessionHandler::getSessionHandler();

        if (!$this->transient && (!empty($data['RememberMe']) || $this->rememberMeExpire) &&
            $globalConfig->getBoolean('session.rememberme.enable', false)
        ) {

            $this->setRememberMeExpire();
        } else {
            try {
                SimpleSAML\Utils\HTTP::setCookie(
                    $globalConfig->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'),
                    $this->authToken,
                    $sessionHandler->getCookieParams()
                );
            } catch (SimpleSAML\Error\CannotSetCookie $e) {
                /*
                 * Something went wrong when setting the auth token. We cannot recover from this, so we better log a
                 * message and throw an exception. The user is not properly logged in anyway, so clear all login
                 * information from the session.
                 */
                unset($this->authToken);
                unset($this->authData[$authority]);
                \SimpleSAML\Logger::error('Cannot set authentication token cookie: '.$e->getMessage());
                throw $e;
            }
        }
    }

Here is the call graph for this function:

doLogout()

SimpleSAML_Session::doLogout

(

$authority

)

Marks the user as logged out.

This function will call any registered logout handlers before marking the user as logged out.

Parameters

string

$authority

The authentication source we are logging out of.

Definition at line 671 of file Session.php.

References $authority, callLogoutHandlers(), SimpleSAML\Logger\debug(), isValid(), markDirty(), and updateSessionCookies().

Referenced by doLogin().

    {
        SimpleSAML\Logger::debug('Session: doLogout('.var_export($authority, true).')');

        if (!isset($this->authData[$authority])) {
            SimpleSAML\Logger::debug('Session: Already logged out of '.$authority.'.');
            return;
        }

        $this->markDirty();

        $this->callLogoutHandlers($authority);
        unset($this->authData[$authority]);

        if (!$this->isValid($authority) && $this->rememberMeExpire) {
            $this->rememberMeExpire = null;
            $this->updateSessionCookies();
        }
    }

Here is the call graph for this function:

Here is the caller graph for this function:

expireData()

SimpleSAML_Session::expireData ( )

private

This function removes expired data from the data store.

Note that this function doesn't mark the session object as dirty. This means that if the only change to the session object is that some data has expired, it will not be written back to the session store.

Definition at line 923 of file Session.php.

References $id, $info, and time.

Referenced by getData(), and setData().

    {
        if (!is_array($this->dataStore)) {
            return;
        }

        $ct = time();

        foreach ($this->dataStore as &$typedData) {
            foreach ($typedData as $id => $info) {
                if ($info['expires'] === self::DATA_TIMEOUT_SESSION_END) {
                    // this data never expires
                    continue;
                }

                if ($ct > $info['expires']) {
                    unset($typedData[$id]);
                }
            }
        }
    }

Here is the caller graph for this function:

getAssociations()

SimpleSAML_Session::getAssociations

(

$idp

)

Retrieve the associations for an IdP.

This function is only for use by the SimpleSAML_IdP class.

Parameters

string

$idp

The IdP id.

Returns

array The IdP associations.

Definition at line 1085 of file Session.php.

References $id, $idp, array, and time.

    {
        assert('is_string($idp)');

        if (!isset($this->associations)) {
            $this->associations = array();
        }

        if (!isset($this->associations[$idp])) {
            return array();
        }

        foreach ($this->associations[$idp] as $id => $assoc) {
            if (!isset($assoc['Expires'])) {
                continue;
            }
            if ($assoc['Expires'] >= time()) {
                continue;
            }

            unset($this->associations[$idp][$id]);
        }

        return $this->associations[$idp];
    }

getAuthData()

SimpleSAML_Session::getAuthData	(		$authority,
			$name
	)

Retrieve authentication data.

Parameters

string	$authority	The authentication source we should retrieve data from.
string	$name	The name of the data we should retrieve.

Returns

mixed The value, or null if the value wasn't found.

Definition at line 1147 of file Session.php.

References $authority, and $name.

    {
        assert('is_string($authority)');
        assert('is_string($name)');

        if (!isset($this->authData[$authority][$name])) {
            return null;
        }
        return $this->authData[$authority][$name];
    }

getAuthorities()

SimpleSAML_Session::getAuthorities

(

)

Retrieve a list of authorities (authentication sources) that are currently valid within this session.

Returns

mixed An array containing every authority currently valid. Empty if none available.

Definition at line 1165 of file Session.php.

References $authority, array, and isValid().

    {
        $authorities = array();
        foreach (array_keys($this->authData) as $authority) {
            if ($this->isValid($authority)) {
                $authorities[] = $authority;
            }
        }
        return $authorities;
    }

Here is the call graph for this function:

getAuthState()

SimpleSAML_Session::getAuthState

(

$authority

)

Get the current persistent authentication state.

Parameters

string

$authority

The authority to retrieve the data from.

Returns

array The current persistent authentication state, or null if not authenticated.

Definition at line 1022 of file Session.php.

References $authority.

    {
        assert('is_string($authority)');

        if (!isset($this->authData[$authority])) {
            return null;
        }

        return $this->authData[$authority];
    }

getData()

SimpleSAML_Session::getData	(		$type,
			$id
	)

This function retrieves data from the data store.

Note that this will not change when the data stored in the data store will expire. If that is required, the data should be written back with setData.

Parameters

string	$type	The type of the data. This must match the type used when adding the data.
string | null	$id	The identifier of the data. Can be null, in which case null will be returned.

Returns

mixed The data of the given type with the given id or null if the data doesn't exist in the data store.

Definition at line 956 of file Session.php.

References $id, $type, and expireData().

    {
        assert('is_string($type)');
        assert('$id === null || is_string($id)');

        if ($id === null) {
            return null;
        }

        $this->expireData();

        if (!is_array($this->dataStore)) {
            return null;
        }

        if (!array_key_exists($type, $this->dataStore)) {
            return null;
        }

        if (!array_key_exists($id, $this->dataStore[$type])) {
            return null;
        }

        return $this->dataStore[$type][$id]['data'];
    }

Here is the call graph for this function:

getDataOfType()

SimpleSAML_Session::getDataOfType

(

$type

)

This function retrieves all data of the specified type from the data store.

The data will be returned as an associative array with the id of the data as the key, and the data as the value of each key. The value will be stored as a copy of the original data. setData must be used to update the data.

An empty array will be returned if no data of the given type is found.

Parameters

string

$type

The type of the data.

Returns

array An associative array with all data of the given type.

Definition at line 995 of file Session.php.

References $id, $info, $ret, $type, and array.

    {
        assert('is_string($type)');

        if (!is_array($this->dataStore)) {
            return array();
        }

        if (!array_key_exists($type, $this->dataStore)) {
            return array();
        }

        $ret = array();
        foreach ($this->dataStore[$type] as $id => $info) {
            $ret[$id] = $info['data'];
        }

        return $ret;
    }

getRememberMeExpire()

SimpleSAML_Session::getRememberMeExpire

(

)

Get remember me expire time.

Returns

integer|null The remember me expire time.

Definition at line 545 of file Session.php.

References $rememberMeExpire.

    {
        return $this->rememberMeExpire;
    }

getSession()

static SimpleSAML_Session::getSession (   $sessionId = null )

static

Get a session from the session handler.

Parameters

string | null

$sessionId

The session we should get, or null to get the current session.

Returns

SimpleSAML_Session|null The session that is stored in the session handler, or null if the session wasn't found.

Definition at line 317 of file Session.php.

References $_COOKIE, $globalConfig, $session, $sessionId, SimpleSAML_Configuration\getInstance(), SimpleSAML\SessionHandler\getSessionHandler(), and SimpleSAML\Logger\warning().

Referenced by sspmod_saml_SP_LogoutStore\addSession().

    {
        assert('is_string($sessionId) || is_null($sessionId)');

        $sh = \SimpleSAML\SessionHandler::getSessionHandler();

        if ($sessionId === null) {
            $checkToken = true;
            $sessionId = $sh->getCookieSessionId();
            if ($sessionId === null) {
                return null;
            }
        } else {
            $checkToken = false;
        }

        if (array_key_exists($sessionId, self::$sessions)) {
            return self::$sessions[$sessionId];
        }

        $session = $sh->loadSession($sessionId);
        if ($session === null) {
            return null;
        }

        assert('$session instanceof self');

        if ($checkToken) {
            $globalConfig = SimpleSAML_Configuration::getInstance();

            if ($session->authToken !== null) {
                $authTokenCookieName = $globalConfig->getString(
                    'session.authtoken.cookiename',
                    'SimpleSAMLAuthToken'
                );
                if (!isset($_COOKIE[$authTokenCookieName])) {
                    SimpleSAML\Logger::warning('Missing AuthToken cookie.');
                    return null;
                }
                if (!SimpleSAML\Utils\Crypto::secureCompare($session->authToken, $_COOKIE[$authTokenCookieName])) {
                    SimpleSAML\Logger::warning('Invalid AuthToken cookie.');
                    return null;
                }
            }

            // run session check function if defined
            $checkFunction = $globalConfig->getArray('session.check_function', null);
            if (isset($checkFunction)) {
                assert('is_callable($checkFunction)');
                $check = call_user_func($checkFunction, $session);
                if ($check !== true) {
                    SimpleSAML\Logger::warning('Session did not pass check function.');
                    return null;
                }
            }
        }

        self::$sessions[$sessionId] = $session;

        return $session;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

getSessionFromRequest()

static SimpleSAML_Session::getSessionFromRequest ( )

static

Retrieves the current session.

Creates a new session if there's not one.

Returns

SimpleSAML_Session The current session.

Exceptions

Exception

When session couldn't be initialized and the session fallback is disabled by configuration.

Definition at line 243 of file Session.php.

References $session, SimpleSAML\Logger\error(), SimpleSAML_Configuration\getInstance(), and SimpleSAML\Error\CannotSetCookie\SECURE_COOKIE.

Referenced by SimpleSAML_XHTML_IdPDisco\__construct(), SimpleSAML_IdP\addAssociation(), SimpleSAML_Auth_Source\addLogoutCallback(), sspmod_saml_SP_LogoutStore\addSession(), sspmod_negotiate_Auth_Source_Negotiate\authenticate(), SimpleSAML_Auth_Source\callLogoutCallback(), SimpleSAML_Utilities\createHttpPostRedirectLink(), sspmod_multiauth_Auth_Source_MultiAuth\delegateAuthentication(), SimpleSAML\Logger\flush(), SimpleSAML_IdP\getAssociations(), ilSimpleSAMLphpWrapper\getParam(), SimpleSAML\Utils\HTTP\getSecurePOSTRedirectURL(), SimpleSAML_IdP\handleLogoutRequest(), SimpleSAML_IdP\handleLogoutResponse(), sspmod_saml_Auth_Source_SP\handleUnsolicitedAuth(), SimpleSAML_Auth_Default\initLogoutReturn(), SimpleSAML\Utils\Auth\isAdmin(), SimpleSAML_Auth_State\loadState(), SimpleSAML_Auth_Source\loginCompleted(), sspmod_multiauth_Auth_Source_MultiAuth\logout(), sspmod_negotiate_Auth_Source_Negotiate\logout(), SimpleSAML_Auth_Source\logoutCallback(), ilSimpleSAMLphpWrapper\popParam(), SimpleSAML_IdP\postAuth(), SimpleSAML_IdP\postAuthProc(), sspmod_core_Auth_Process_ExtendIdPSession\process(), SimpleSAML_Auth_Source\reauthenticate(), sspmod_saml_Auth_Source_SP\reauthenticate(), sspmod_saml_Auth_Source_SP\reauthPostLogin(), SimpleSAML_Error_Error\saveError(), SimpleSAML_Auth_State\saveState(), SimpleSAML_Error_Error\show(), ilSimpleSAMLphpWrapper\storeParam(), and SimpleSAML_IdP\terminateAssociation().

    {
        // check if we already have initialized the session
        if (isset(self::$instance)) {
            return self::$instance;
        }

        // check if we have stored a session stored with the session handler
        $session = null;
        try {
            $session = self::getSession();
        } catch (Exception $e) {
            /*
             * For some reason, we were unable to initialize this session. Note that this error might be temporary, and
             * it's possible that we can recover from it in subsequent requests, so we should not try to create a new
             * session here. Therefore, use just a transient session and throw the exception for someone else to handle
             * it.
             */
            SimpleSAML\Logger::error('Error loading session: '.$e->getMessage());
            self::useTransientSession();
            if ($e instanceof SimpleSAML_Error_Exception) {
                $cause = $e->getCause();
                if ($cause instanceof Exception) {
                    throw $cause;
                }
            }
            throw $e;
        }

        // if getSession() found it, use it
        if ($session instanceof SimpleSAML_Session) {
            return self::load($session);
        }

        /*
         * We didn't have a session loaded when we started, but we have it now. At this point, getSession() failed but
         * it must have triggered the creation of a session at some point during the process (e.g. while logging an
         * error message). This means we don't need to create a new session again, we can use the one that's loaded now
         * instead.
         */
        if (self::$instance !== null) {
            return self::$instance;
        }

        // try to create a new session
        try {
            self::load(new SimpleSAML_Session());
        } catch (\SimpleSAML\Error\CannotSetCookie $e) {
            // can't create a regular session because we can't set cookies. Use transient.
            $c = SimpleSAML_Configuration::getInstance();
            self::useTransientSession();

            if ($e->getCode() === \SimpleSAML\Error\CannotSetCookie::SECURE_COOKIE) {
                throw new \SimpleSAML\Error\CriticalConfigurationError(
                    $e->getMessage(),
                    null,
                    $c->toArray()
                );
            }
            SimpleSAML\Logger::error('Error creating session: '.$e->getMessage());
        }

        // we must have a session now, either regular or transient
        return self::$instance;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

getSessionId()

SimpleSAML_Session::getSessionId

(

)

Retrieve the session ID of this session.

Returns

string|null The session ID, or null if this is a transient session.

Definition at line 514 of file Session.php.

References $sessionId.

Referenced by SimpleSAML\SessionHandlerStore\saveSession().

    {
        return $this->sessionId;
    }

Here is the caller graph for this function:

getTrackID()

SimpleSAML_Session::getTrackID

(

)

Get a unique ID that will be permanent for this session.

Used for debugging and tracing log files related to a session.

Returns

string|null The unique ID.

Definition at line 535 of file Session.php.

References $trackid.

Referenced by load().

    {
        return $this->trackid;
    }

Here is the caller graph for this function:

hasSessionCookie()

SimpleSAML_Session::hasSessionCookie

(

)

Check whether the session cookie is set.

This function will only return false if is is certain that the cookie isn't set.

Returns

bool true if it was set, false if not.

Definition at line 1041 of file Session.php.

References SimpleSAML\SessionHandler\getSessionHandler().

    {
        $sh = \SimpleSAML\SessionHandler::getSessionHandler();
        return $sh->hasSessionCookie();
    }

Here is the call graph for this function:

isTransient()

SimpleSAML_Session::isTransient

(

)

Retrieve if session is transient.

Returns

boolean The session transient flag.

Definition at line 524 of file Session.php.

References $transient.

Referenced by markDirty().

    {
        return $this->transient;
    }

Here is the caller graph for this function:

isValid()

SimpleSAML_Session::isValid

(

$authority

)

Is the session representing an authenticated user, and is the session still alive.

This function will return false after the user has timed out.

Parameters

string

$authority

The authentication source that the user should be authenticated with.

Returns

true if the user has a valid session, false if not.

Definition at line 734 of file Session.php.

References $authority, SimpleSAML\Logger\debug(), and time.

Referenced by doLogout(), and getAuthorities().

    {
        assert('is_string($authority)');

        if (!isset($this->authData[$authority])) {
            SimpleSAML\Logger::debug(
                'Session: '.var_export($authority, true).
                ' not valid because we are not authenticated.'
            );
            return false;
        }

        if ($this->authData[$authority]['Expire'] <= time()) {
            SimpleSAML\Logger::debug('Session: '.var_export($authority, true).' not valid because it is expired.');
            return false;
        }

        SimpleSAML\Logger::debug('Session: Valid session found with '.var_export($authority, true).'.');

        return true;
    }

Here is the call graph for this function:

Here is the caller graph for this function:

load()

static SimpleSAML_Session::load ( SimpleSAML_Session  $session )

staticprivate

Load a given session as the current one.

This method will also set the track ID in the logger to the one in the given session.

Warning: never set self::$instance yourself, call this method instead.

Parameters

SimpleSAML_Session

$session

The session to load.

Returns

SimpleSAML_Session The session we just loaded, just for convenience.

Definition at line 390 of file Session.php.

References $session, getTrackID(), and SimpleSAML\Logger\setTrackId().

    {
        SimpleSAML\Logger::setTrackId($session->getTrackID());
        self::$instance = $session;
        return self::$instance;
    }

Here is the call graph for this function:

markDirty()

SimpleSAML_Session::markDirty

(

)

Mark this session as dirty.

This method will register a callback to save the session right before any output is sent to the browser.

Definition at line 477 of file Session.php.

References array, and isTransient().

Referenced by __construct(), addAssociation(), deleteData(), doLogin(), doLogout(), registerLogoutHandler(), setAuthorityExpire(), setData(), and terminateAssociation().

    {
        if ($this->isTransient()) {
            return;
        }

        $this->dirty = true;

        if (!function_exists('header_register_callback')) {
            // PHP version < 5.4, can't register the callback
            return;
        }

        if ($this->callback_registered) {
            // we already have a shutdown callback registered for this object, no need to add another one
            return;
        }
        $this->callback_registered = header_register_callback(array($this, 'save'));
    }

Here is the call graph for this function:

Here is the caller graph for this function:

registerLogoutHandler()

SimpleSAML_Session::registerLogoutHandler	(		$authority,
			$classname,
			$functionname
	)

This function registers a logout handler.

Parameters

string	$authority	The authority for which register the handler.
string	$classname	The class which contains the logout handler.
string	$functionname	The logout handler function.

Exceptions

Exception

If the handler is not a valid function or method.

Definition at line 809 of file Session.php.

References $authority, array, and markDirty().

    {
        assert('isset($this->authData[$authority])');

        $logout_handler = array($classname, $functionname);

        if (!is_callable($logout_handler)) {
            throw new Exception(
                'Logout handler is not a vaild function: '.$classname.'::'.
                $functionname
            );
        }

        $this->authData[$authority]['LogoutHandlers'][] = $logout_handler;
        $this->markDirty();
    }

Here is the call graph for this function:

save()

SimpleSAML_Session::save

(

)

Save the session to the store.

This method saves the session to the session handler in case it has been marked as dirty.

WARNING: please do not use this method directly unless you really need to and know what you are doing. Use markDirty() instead.

Definition at line 432 of file Session.php.

References SimpleSAML\Logger\error(), and SimpleSAML\SessionHandler\getSessionHandler().

Referenced by __destruct(), and cleanup().

    {
        if (!$this->dirty) {
            // session hasn't changed, don't bother saving it
            return;
        }

        $this->dirty = false;
        $this->callback_registered = false;

        $sh = \SimpleSAML\SessionHandler::getSessionHandler();

        try {
            $sh->saveSession($this);
        } catch (Exception $e) {
            if (!($e instanceof SimpleSAML_Error_Exception)) {
                $e = new SimpleSAML_Error_UnserializableException($e);
            }
            SimpleSAML\Logger::error('Unable to save session.');
            $e->logError();
        }
    }

Here is the call graph for this function:

Here is the caller graph for this function:

serialize()

SimpleSAML_Session::serialize

(

)

Serialize this session object.

This method will be invoked by any calls to serialize().

Returns

string The serialized representation of this session object.

Definition at line 197 of file Session.php.

    {
        $serialized = serialize(get_object_vars($this));
        return $serialized;
    }

setAuthorityExpire()

SimpleSAML_Session::setAuthorityExpire	(		$authority,
			$expire = null
	)

Set the lifetime for authentication source.

Parameters

string	$authority	The authentication source we are setting expire time for.
int	$expire	The number of seconds authentication source is valid.

Definition at line 785 of file Session.php.

References $authority, $expire, $globalConfig, SimpleSAML_Configuration\getInstance(), markDirty(), and time.

    {
        assert('isset($this->authData[$authority])');
        assert('is_int($expire) || is_null($expire)');

        $this->markDirty();

        if ($expire === null) {
            $globalConfig = SimpleSAML_Configuration::getInstance();
            $expire = time() + $globalConfig->getInteger('session.duration', 8 * 60 * 60);
        }

        $this->authData[$authority]['Expire'] = $expire;
    }

Here is the call graph for this function:

setData()

SimpleSAML_Session::setData	(		$type,
			$id,
			$data,
			$timeout = null
	)

This function stores data in the data store.

The timeout value can be SimpleSAML_Session::DATA_TIMEOUT_SESSION_END, which indicates that the data should never be deleted.

Parameters

string	$type	The type of the data. This is checked when retrieving data from the store.
string	$id	The identifier of the data.
mixed	$data	The data.
int | null	$timeout	The number of seconds this data should be stored after its last access. This parameter is optional. The default value is set in 'session.datastore.timeout', and the default is 4 hours.

Exceptions

Exception

If the data couldn't be stored.

Definition at line 867 of file Session.php.

References $data, $id, $type, array, expireData(), SimpleSAML_Configuration\getInstance(), markDirty(), and time.

    {
        assert('is_string($type)');
        assert('is_string($id)');
        assert('is_int($timeout) || is_null($timeout) || $timeout === self::DATA_TIMEOUT_SESSION_END');

        // clean out old data
        $this->expireData();

        if ($timeout === null) {
            // use the default timeout
            $configuration = SimpleSAML_Configuration::getInstance();

            $timeout = $configuration->getInteger('session.datastore.timeout', null);
            if ($timeout !== null) {
                if ($timeout <= 0) {
                    throw new Exception(
                        'The value of the session.datastore.timeout'.
                        ' configuration option should be a positive integer.'
                    );
                }
            }
        }

        if ($timeout === self::DATA_TIMEOUT_SESSION_END) {
            $expires = self::DATA_TIMEOUT_SESSION_END;
        } else {
            $expires = time() + $timeout;
        }

        $dataInfo = array(
            'expires' => $expires,
            'timeout' => $timeout,
            'data'    => $data
        );

        if (!is_array($this->dataStore)) {
            $this->dataStore = array();
        }

        if (!array_key_exists($type, $this->dataStore)) {
            $this->dataStore[$type] = array();
        }

        $this->dataStore[$type][$id] = $dataInfo;

        $this->markDirty();
    }

Here is the call graph for this function:

setRememberMeExpire()

SimpleSAML_Session::setRememberMeExpire

(

$expire = null

)

Set remember me expire time.

Parameters

int

$expire

Unix timestamp when remember me session cookies expire.

Definition at line 555 of file Session.php.

References $expire, $globalConfig, array, SimpleSAML_Configuration\getInstance(), time, and updateSessionCookies().

Referenced by doLogin().

    {
        assert('is_int($expire) || is_null($expire)');

        if ($expire === null) {
            $globalConfig = SimpleSAML_Configuration::getInstance();
            $expire = time() + $globalConfig->getInteger('session.rememberme.lifetime', 14 * 86400);
        }
        $this->rememberMeExpire = $expire;

        $cookieParams = array('expire' => $this->rememberMeExpire);
        $this->updateSessionCookies($cookieParams);
    }

Here is the call graph for this function:

Here is the caller graph for this function:

terminateAssociation()

SimpleSAML_Session::terminateAssociation	(		$idp,
			$associationId
	)

Remove an SP association for an IdP.

This function is only for use by the SimpleSAML_IdP class.

Parameters

string	$idp	The IdP id.
string	$associationId	The id of the association.

Definition at line 1120 of file Session.php.

References $idp, and markDirty().

    {
        assert('is_string($idp)');
        assert('is_string($associationId)');

        if (!isset($this->associations)) {
            return;
        }

        if (!isset($this->associations[$idp])) {
            return;
        }

        unset($this->associations[$idp][$associationId]);

        $this->markDirty();
    }

Here is the call graph for this function:

unserialize()

SimpleSAML_Session::unserialize

(

$serialized

)

Unserialize a session object and load it.

This method will be invoked by any calls to unserialize(), allowing us to restore any data that might not be serializable in its original form (e.g.: DOM objects).

Parameters

string

$serialized

The serialized representation of a session that we want to restore.

Definition at line 212 of file Session.php.

References $authority, and $session.

    {
        $session = unserialize($serialized);
        if (is_array($session)) {
            foreach ($session as $k => $v) {
                $this->$k = $v;
            }
        }

        // look for any raw attributes and load them in the 'Attributes' array
        foreach ($this->authData as $authority => $parameters) {
            if (!array_key_exists('RawAttributes', $parameters)) {
                continue;
            }

            foreach ($parameters['RawAttributes'] as $attribute => $values) {
                foreach ($values as $idx => $value) { // this should be originally a DOMNodeList
                    /* @var \SAML2\XML\saml\AttributeValue $value */
                    $this->authData[$authority]['Attributes'][$attribute][$idx] = $value->element->childNodes;
                }
            }
        }
    }

updateSessionCookies()

SimpleSAML_Session::updateSessionCookies

(

$params = null

)

Update session cookies.

Parameters

array

$params

The parameters for the cookies.

Definition at line 761 of file Session.php.

References $authToken, $globalConfig, $params, $sessionId, SimpleSAML_Configuration\getInstance(), SimpleSAML\SessionHandler\getSessionHandler(), and SimpleSAML\Utils\HTTP\setCookie().

Referenced by doLogout(), and setRememberMeExpire().

    {
        $sessionHandler = \SimpleSAML\SessionHandler::getSessionHandler();

        if ($this->sessionId !== null) {
            $sessionHandler->setCookie($sessionHandler->getSessionCookieName(), $this->sessionId, $params);
        }

        if ($this->authToken !== null) {
            $globalConfig = SimpleSAML_Configuration::getInstance();
            \SimpleSAML\Utils\HTTP::setCookie(
                $globalConfig->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'),
                $this->authToken,
                $params
            );
        }
    }

Here is the call graph for this function:

Here is the caller graph for this function:

useTransientSession()

static SimpleSAML_Session::useTransientSession ( )

static

Use a transient session.

Create a session that should not be saved at the end of the request. Subsequent calls to getInstance() will return this transient session.

Definition at line 403 of file Session.php.

    {
        if (isset(self::$instance)) {
            // we already have a session, don't bother with a transient session
            return;
        }

        self::load(new SimpleSAML_Session(true));
    }

Field Documentation

$associations

SimpleSAML_Session::$associations = array()

private

Definition at line 114 of file Session.php.

$authData

SimpleSAML_Session::$authData

private

Definition at line 134 of file Session.php.

$authToken

SimpleSAML_Session::$authToken

private

Definition at line 124 of file Session.php.

Referenced by doLogin(), and updateSessionCookies().

$callback_registered

SimpleSAML_Session::$callback_registered = false

private

Definition at line 90 of file Session.php.

$dataStore

SimpleSAML_Session::$dataStore = null

private

Definition at line 103 of file Session.php.

$dirty

SimpleSAML_Session::$dirty = false

private

Definition at line 82 of file Session.php.

$instance

SimpleSAML_Session::$instance = null

staticprivate

This variable holds the instance of the session - Singleton approach.

Warning: do not set the instance manually, call SimpleSAML_Session::load() instead.

Definition at line 44 of file Session.php.

$rememberMeExpire

SimpleSAML_Session::$rememberMeExpire = null

private

Definition at line 73 of file Session.php.

Referenced by getRememberMeExpire().

$sessionId

SimpleSAML_Session::$sessionId

private

Definition at line 52 of file Session.php.

Referenced by __construct(), createSession(), getSession(), getSessionId(), and updateSessionCookies().

$sessions

SimpleSAML_Session::$sessions = array()

staticprivate

Definition at line 36 of file Session.php.

$trackid

SimpleSAML_Session::$trackid = null

private

Definition at line 70 of file Session.php.

Referenced by getTrackID().

$transient

SimpleSAML_Session::$transient = false

private

Definition at line 60 of file Session.php.

Referenced by __construct(), and isTransient().

DATA_TIMEOUT_SESSION_END

const SimpleSAML_Session::DATA_TIMEOUT_SESSION_END = 'sessionEndTimeout'

This is a timeout value for setData, which indicates that the data should never be deleted, i.e.

lasts the whole session lifetime.

Definition at line 26 of file Session.php.

Referenced by SimpleSAML_Auth_Source\addLogoutCallback(), sspmod_multiauth_Auth_Source_MultiAuth\delegateAuthentication(), and SimpleSAML_IdP\postAuthProc().

---

The documentation for this class was generated from the following file:

• libs/composer/vendor/simplesamlphp/simplesamlphp/lib/SimpleSAML/Session.php