ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
SimpleSAML_Session Class Reference

Public Member Functions

 serialize ()
 Serialize this session object.

 unserialize ($serialized)
 Unserialize a session object and load it.

 save ()
 Save the session to the store.

 cleanup ()
 Save the current session and clean any left overs that could interfere with the normal application behaviour.

 markDirty ()
 Mark this session as dirty.

 __destruct ()
 Destroy the session.

 getSessionId ()
 Retrieve the session ID of this session.

 isTransient ()
 Retrieve if session is transient.

 getTrackID ()
 Get a unique ID that will be permanent for this session.

 getRememberMeExpire ()
 Get remember me expire time.

 setRememberMeExpire ($expire=null)
 Set remember me expire time.

 doLogin ($authority, array $data=null)
 Marks the user as logged in with the specified authority.

 doLogout ($authority)
 Marks the user as logged out.

 isValid ($authority)
 Is the session representing an authenticated user, and is the session still alive.

 updateSessionCookies ($params=null)
 Update session cookies.

 setAuthorityExpire ($authority, $expire=null)
 Set the lifetime for authentication source.

 registerLogoutHandler ($authority, $classname, $functionname)
 This function registers a logout handler.

 deleteData ($type, $id)
 Delete data from the data store.

 setData ($type, $id, $data, $timeout=null)
 This function stores data in the data store.

 getData ($type, $id)
 This function retrieves data from the data store.

 getDataOfType ($type)
 This function retrieves all data of the specified type from the data store.

 getAuthState ($authority)
 Get the current persistent authentication state.

 hasSessionCookie ()
 Check whether the session cookie is set.

 addAssociation ($idp, array $association)
 Add an SP association for an IdP.

 getAssociations ($idp)
 Retrieve the associations for an IdP.

 terminateAssociation ($idp, $associationId)
 Remove an SP association for an IdP.

 getAuthData ($authority, $name)
 Retrieve authentication data.

 getAuthorities ()
 Retrieve a list of authorities (authentication sources) that are currently valid within this session.
 

Static Public Member Functions

static getSessionFromRequest ()
 Retrieves the current session.

static getSession ($sessionId=null)
 Get a session from the session handler.

static useTransientSession ()
 Use a transient session.

static createSession ($sessionId)
 Create a new session and cache it.
 

Data Fields

const DATA_TIMEOUT_SESSION_END = 'sessionEndTimeout'
 This is a timeout value for setData, which indicates that the data should never be deleted, i.e.
 

Private Member Functions

 __construct ($transient=false)
 Private constructor that restricts instantiation to either getSessionFromRequest() for the current session or getSession() for a specific one.

 callLogoutHandlers ($authority)
 This function calls all registered logout handlers.

 expireData ()
 This function removes expired data from the data store.
 

Static Private Member Functions

static load (SimpleSAML_Session $session)
 Load a given session as the current one.
 

Private Attributes

 $sessionId
 
 $transient = false
 
 $trackid = null
 
 $rememberMeExpire = null
 
 $dirty = false
 
 $callback_registered = false
 
 $dataStore = null
 
 $associations = array()
 
 $authToken
 
 $authData
 

Static Private Attributes

static $sessions = array()
 
static $instance = null
 This variable holds the instance of the session - Singleton approach.
 

Detailed Description

Definition at line 19 of file Session.php.

Constructor & Destructor Documentation

◆ __construct()

SimpleSAML_Session::__construct (   $transient = false)
private

Private constructor that restricts instantiation to either getSessionFromRequest() for the current session or getSession() for a specific one.

Parameters
boolean $transient: Whether to create a transient session or not.

Definition at line 143 of file Session.php.

144 {
145 $this->authData = array();
146
147 if (php_sapi_name() === 'cli' || defined('STDIN')) {
148 $this->trackid = 'CL'.bin2hex(openssl_random_pseudo_bytes(4));
149 SimpleSAML\Logger::setTrackId($this->trackid);
150 $this->transient = $transient;
151 return;
152 }
153
154 if ($transient) { // transient session
155 $sh = \SimpleSAML\SessionHandler::getSessionHandler();
156 $this->trackid = 'TR'.bin2hex(openssl_random_pseudo_bytes(4));
157 SimpleSAML\Logger::setTrackId($this->trackid);
158 $this->transient = true;
159
160 /*
161 * Initialize the session ID. It might be that we have a session cookie but we couldn't load the session.
162 * If that's the case, use that ID. If not, create a new ID.
163 */
164 $this->sessionId = $sh->getCookieSessionId();
165 if ($this->sessionId === null) {
166 $this->sessionId = $sh->newSessionId();
167 }
168 } else { // regular session
169 $sh = \SimpleSAML\SessionHandler::getSessionHandler();
170 $this->sessionId = $sh->newSessionId();
171 $sh->setCookie($sh->getSessionCookieName(), $this->sessionId, $sh->getCookieParams());
172
173
174 $this->trackid = bin2hex(openssl_random_pseudo_bytes(5));
175 SimpleSAML\Logger::setTrackId($this->trackid);
176
177 $this->markDirty();
178
179 // initialize data for session check function if defined
180 $globalConfig = SimpleSAML_Configuration::getInstance();
181 $checkFunction = $globalConfig->getArray('session.check_function', null);
182 if (isset($checkFunction)) {
183 assert('is_callable($checkFunction)');
184 call_user_func($checkFunction, $this, true);
185 }
186 }
187 }

References $globalConfig, $transient, defined, SimpleSAML_Configuration\getInstance(), SimpleSAML\SessionHandler\getSessionHandler(), markDirty(), and SimpleSAML\Logger\setTrackId().


◆ __destruct()

SimpleSAML_Session::__destruct ( )

Destroy the session.

Destructor for this class. It will save the session to the session handler in case the session has been marked as dirty. Do nothing otherwise.

Definition at line 504 of file Session.php.

505 {
506 $this->save();
507 }

References save().


Member Function Documentation

◆ addAssociation()

SimpleSAML_Session::addAssociation (   $idp,
array  $association 
)

Add an SP association for an IdP.

This function is only for use by the SimpleSAML_IdP class.

Parameters
string $idp: The IdP id.
array $association: The association we should add.

Definition at line 1056 of file Session.php.

1057 {
1058 assert('is_string($idp)');
1059 assert('isset($association["id"])');
1060 assert('isset($association["Handler"])');
1061
1062 if (!isset($this->associations)) {
1063 $this->associations = array();
1064 }
1065
1066 if (!isset($this->associations[$idp])) {
1067 $this->associations[$idp] = array();
1068 }
1069
1070 $this->associations[$idp][$association['id']] = $association;
1071
1072 $this->markDirty();
1073 }

References $association, $idp, and markDirty().


◆ callLogoutHandlers()

SimpleSAML_Session::callLogoutHandlers (   $authority)
private

This function calls all registered logout handlers.

Parameters
string $authority: The authentication source we are logging out from.
Exceptions
Exception: If the handler is not a valid function or method.

Definition at line 698 of file Session.php.

699 {
700 assert('is_string($authority)');
701 assert('isset($this->authData[$authority])');
702
703 if (empty($this->authData[$authority]['LogoutHandlers'])) {
704 return;
705 }
706 foreach ($this->authData[$authority]['LogoutHandlers'] as $handler) {
707 // verify that the logout handler is a valid function
708 if (!is_callable($handler)) {
709 $classname = $handler[0];
710 $functionname = $handler[1];
711
712 throw new Exception(
713 'Logout handler is not a valid function: '.$classname.'::'.
714 $functionname
715 );
716 }
717
718 // call the logout handler
719 call_user_func($handler);
720 }
721
722 // we require the logout handlers to register themselves again if they want to be called later
723 unset($this->authData[$authority]['LogoutHandlers']);
724 }

References $authority, and $handler.

Referenced by doLogout().


◆ cleanup()

SimpleSAML_Session::cleanup ( )

Save the current session and clean any left overs that could interfere with the normal application behaviour.

Use this method if you are using PHP sessions in your application and in SimpleSAMLphp, after you are done using SimpleSAMLphp and before trying to access your application's session again.

Definition at line 462 of file Session.php.

463 {
464 $this->save();
465 $sh = \SimpleSAML\SessionHandler::getSessionHandler();
466 if ($sh instanceof \SimpleSAML\SessionHandlerPHP) {
467 $sh->restorePrevious();
468 }
469 }

References SimpleSAML\SessionHandler\getSessionHandler(), and save().


◆ createSession()

static SimpleSAML_Session::createSession (   $sessionId)
static

Create a new session and cache it.

Parameters
string $sessionId: The new session we should create.

Definition at line 418 of file Session.php.

419 {
420 assert('is_string($sessionId)');
421 self::$sessions[$sessionId] = null;
422 }

References $sessionId.

Referenced by SimpleSAML\SessionHandlerCookie\newSessionId(), and SimpleSAML\SessionHandlerPHP\newSessionId().


◆ deleteData()

SimpleSAML_Session::deleteData (   $type,
  $id 
)

Delete data from the data store.

This function immediately deletes the data with the given type and id from the data store.

Parameters
string $type: The type of the data.
string $id: The identifier of the data.

Definition at line 834 of file Session.php.

835 {
836 assert('is_string($type)');
837 assert('is_string($id)');
838
839 if (!is_array($this->dataStore)) {
840 return;
841 }
842
843 if (!array_key_exists($type, $this->dataStore)) {
844 return;
845 }
846
847 unset($this->dataStore[$type][$id]);
848 $this->markDirty();
849 }

References $id, $type, and markDirty().


◆ doLogin()

SimpleSAML_Session::doLogin (   $authority,
array  $data = null 
)

Marks the user as logged in with the specified authority.

If the user already has logged in, the user will be logged out first.

Parameters
string $authority: The authority the user logged in with.
array | null $data: The authentication data for this authority.
Exceptions
SimpleSAML\Error\CannotSetCookie: If the authentication token cannot be set for some reason.

Definition at line 579 of file Session.php.

580 {
581 assert('is_string($authority)');
582 assert('is_array($data) || is_null($data)');
583
584 SimpleSAML\Logger::debug('Session: doLogin("'.$authority.'")');
585
586 $this->markDirty();
587
588 if (isset($this->authData[$authority])) {
589 // we are already logged in, log the user out first
590 $this->doLogout($authority);
591 }
592
593 if ($data === null) {
594 $data = array();
595 }
596
597 $data['Authority'] = $authority;
598
599 $globalConfig = SimpleSAML_Configuration::getInstance();
600 if (!isset($data['AuthnInstant'])) {
601 $data['AuthnInstant'] = time();
602 }
603
604 $maxSessionExpire = time() + $globalConfig->getInteger('session.duration', 8 * 60 * 60);
605 if (!isset($data['Expire']) || $data['Expire'] > $maxSessionExpire) {
606 // unset, or beyond our session lifetime. Clamp it to our maximum session lifetime
607 $data['Expire'] = $maxSessionExpire;
608 }
609
610 // check if we have non-serializable attribute values
611 foreach ($data['Attributes'] as $attribute => $values) {
612 foreach ($values as $idx => $value) {
613 if (is_string($value) || is_int($value)) {
614 continue;
615 }
616
617 // at this point, this should be a DOMNodeList object...
618 if (!is_a($value, 'DOMNodeList')) {
619 continue;
620 }
621
622 /* @var \DOMNodeList $value */
623 if ($value->length === 0) {
624 continue;
625 }
626
627 // create an AttributeValue object and save it to 'RawAttributes', using same attribute name and index
628 $attrval = new \SAML2\XML\saml\AttributeValue($value->item(0)->parentNode);
629 $data['RawAttributes'][$attribute][$idx] = $attrval;
630 }
631 }
632
633 $this->authData[$authority] = $data;
634
635 $this->authToken = SimpleSAML\Utils\Random::generateID();
636 $sessionHandler = \SimpleSAML\SessionHandler::getSessionHandler();
637
638 if (!$this->transient && (!empty($data['RememberMe']) || $this->rememberMeExpire) &&
639 $globalConfig->getBoolean('session.rememberme.enable', false)
640 ) {
641
642 $this->setRememberMeExpire();
643 } else {
644 try {
645 SimpleSAML\Utils\HTTP::setCookie(
646 $globalConfig->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'),
647 $this->authToken,
648 $sessionHandler->getCookieParams()
649 );
650 } catch (SimpleSAML\Error\CannotSetCookie $e) {
651 /*
652 * Something went wrong when setting the auth token. We cannot recover from this, so we better log a
653 * message and throw an exception. The user is not properly logged in anyway, so clear all login
654 * information from the session.
655 */
656 unset($this->authToken);
657 unset($this->authData[$authority]);
658 \SimpleSAML\Logger::error('Cannot set authentication token cookie: '.$e->getMessage());
659 throw $e;
660 }
661 }
662 }

References $authority, $data, $globalConfig, SimpleSAML\Logger\debug(), doLogout(), SimpleSAML\Logger\error(), SimpleSAML\Utils\Random\generateID(), SimpleSAML_Configuration\getInstance(), SimpleSAML\SessionHandler\getSessionHandler(), markDirty(), SimpleSAML\Utils\HTTP\setCookie(), and setRememberMeExpire().


◆ doLogout()

SimpleSAML_Session::doLogout (   $authority)

Marks the user as logged out.

This function will call any registered logout handlers before marking the user as logged out.

Parameters
string $authority: The authentication source we are logging out of.

Definition at line 671 of file Session.php.

672 {
673 SimpleSAML\Logger::debug('Session: doLogout('.var_export($authority, true).')');
674
675 if (!isset($this->authData[$authority])) {
676 SimpleSAML\Logger::debug('Session: Already logged out of '.$authority.'.');
677 return;
678 }
679
680 $this->markDirty();
681
682 $this->callLogoutHandlers($authority);
683 unset($this->authData[$authority]);
684
685 if (!$this->isValid($authority) && $this->rememberMeExpire) {
686 $this->rememberMeExpire = null;
687 $this->updateSessionCookies();
688 }
689 }

References $authority, callLogoutHandlers(), SimpleSAML\Logger\debug(), isValid(), markDirty(), and updateSessionCookies().

Referenced by doLogin().


◆ expireData()

SimpleSAML_Session::expireData ( )
private

This function removes expired data from the data store.

Note that this function doesn't mark the session object as dirty. This means that if the only change to the session object is that some data has expired, it will not be written back to the session store.

Definition at line 923 of file Session.php.

924 {
925 if (!is_array($this->dataStore)) {
926 return;
927 }
928
929 $ct = time();
930
931 foreach ($this->dataStore as &$typedData) {
932 foreach ($typedData as $id => $info) {
933 if ($info['expires'] === self::DATA_TIMEOUT_SESSION_END) {
934 // this data never expires
935 continue;
936 }
937
938 if ($ct > $info['expires']) {
939 unset($typedData[$id]);
940 }
941 }
942 }
943 }

References $id, and $info.

Referenced by getData(), and setData().


◆ getAssociations()

SimpleSAML_Session::getAssociations (   $idp)

Retrieve the associations for an IdP.

This function is only for use by the SimpleSAML_IdP class.

Parameters
string $idp: The IdP id.
Returns
array The IdP associations.

Definition at line 1085 of file Session.php.

1086 {
1087 assert('is_string($idp)');
1088
1089 if (!isset($this->associations)) {
1090 $this->associations = array();
1091 }
1092
1093 if (!isset($this->associations[$idp])) {
1094 return array();
1095 }
1096
1097 foreach ($this->associations[$idp] as $id => $assoc) {
1098 if (!isset($assoc['Expires'])) {
1099 continue;
1100 }
1101 if ($assoc['Expires'] >= time()) {
1102 continue;
1103 }
1104
1105 unset($this->associations[$idp][$id]);
1106 }
1107
1108 return $this->associations[$idp];
1109 }

References $id, and $idp.

◆ getAuthData()

SimpleSAML_Session::getAuthData (   $authority,
  $name 
)

Retrieve authentication data.

Parameters
string $authority: The authentication source we should retrieve data from.
string $name: The name of the data we should retrieve.
Returns
mixed The value, or null if the value wasn't found.

Definition at line 1147 of file Session.php.

1148 {
1149 assert('is_string($authority)');
1150 assert('is_string($name)');
1151
1152 if (!isset($this->authData[$authority][$name])) {
1153 return null;
1154 }
1155 return $this->authData[$authority][$name];
1156 }

References $authority, and $name.

◆ getAuthorities()

SimpleSAML_Session::getAuthorities ( )

Retrieve a list of authorities (authentication sources) that are currently valid within this session.

Returns
mixed An array containing every authority currently valid. Empty if none available.

Definition at line 1165 of file Session.php.

1166 {
1167 $authorities = array();
1168 foreach (array_keys($this->authData) as $authority) {
1169 if ($this->isValid($authority)) {
1170 $authorities[] = $authority;
1171 }
1172 }
1173 return $authorities;
1174 }

References $authority, and isValid().


◆ getAuthState()

SimpleSAML_Session::getAuthState (   $authority)

Get the current persistent authentication state.

Parameters
string $authority: The authority to retrieve the data from.
Returns
array The current persistent authentication state, or null if not authenticated.

Definition at line 1022 of file Session.php.

1023 {
1024 assert('is_string($authority)');
1025
1026 if (!isset($this->authData[$authority])) {
1027 return null;
1028 }
1029
1030 return $this->authData[$authority];
1031 }

References $authority.

◆ getData()

SimpleSAML_Session::getData (   $type,
  $id 
)

This function retrieves data from the data store.

Note that this will not change when the data stored in the data store will expire. If that is required, the data should be written back with setData.

Parameters
string $type: The type of the data. This must match the type used when adding the data.
string | null $id: The identifier of the data. Can be null, in which case null will be returned.
Returns
mixed The data of the given type with the given id or null if the data doesn't exist in the data store.

Definition at line 956 of file Session.php.

957 {
958 assert('is_string($type)');
959 assert('$id === null || is_string($id)');
960
961 if ($id === null) {
962 return null;
963 }
964
965 $this->expireData();
966
967 if (!is_array($this->dataStore)) {
968 return null;
969 }
970
971 if (!array_key_exists($type, $this->dataStore)) {
972 return null;
973 }
974
975 if (!array_key_exists($id, $this->dataStore[$type])) {
976 return null;
977 }
978
979 return $this->dataStore[$type][$id]['data'];
980 }

References $id, $type, and expireData().


◆ getDataOfType()

SimpleSAML_Session::getDataOfType (   $type)

This function retrieves all data of the specified type from the data store.

The data will be returned as an associative array with the id of the data as the key, and the data as the value of each key. The value will be stored as a copy of the original data. setData must be used to update the data.

An empty array will be returned if no data of the given type is found.

Parameters
string $type: The type of the data.
Returns
array An associative array with all data of the given type.

Definition at line 995 of file Session.php.

996 {
997 assert('is_string($type)');
998
999 if (!is_array($this->dataStore)) {
1000 return array();
1001 }
1002
1003 if (!array_key_exists($type, $this->dataStore)) {
1004 return array();
1005 }
1006
1007 $ret = array();
1008 foreach ($this->dataStore[$type] as $id => $info) {
1009 $ret[$id] = $info['data'];
1010 }
1011
1012 return $ret;
1013 }

References $id, $info, $ret, and $type.

◆ getRememberMeExpire()

SimpleSAML_Session::getRememberMeExpire ( )

Get remember me expire time.

Returns
integer|null The remember me expire time.

Definition at line 545 of file Session.php.

546 {
547 return $this->rememberMeExpire;
548 }

References $rememberMeExpire.

◆ getSession()

static SimpleSAML_Session::getSession (   $sessionId = null)
static

Get a session from the session handler.

Parameters
string | null $sessionId: The session we should get, or null to get the current session.
Returns
SimpleSAML_Session|null The session that is stored in the session handler, or null if the session wasn't found.

Definition at line 317 of file Session.php.

318 {
319 assert('is_string($sessionId) || is_null($sessionId)');
320
321 $sh = \SimpleSAML\SessionHandler::getSessionHandler();
322
323 if ($sessionId === null) {
324 $checkToken = true;
325 $sessionId = $sh->getCookieSessionId();
326 if ($sessionId === null) {
327 return null;
328 }
329 } else {
330 $checkToken = false;
331 }
332
333 if (array_key_exists($sessionId, self::$sessions)) {
334 return self::$sessions[$sessionId];
335 }
336
337 $session = $sh->loadSession($sessionId);
338 if ($session === null) {
339 return null;
340 }
341
342 assert('$session instanceof self');
343
344 if ($checkToken) {
345 $globalConfig = SimpleSAML_Configuration::getInstance();
346
347 if ($session->authToken !== null) {
348 $authTokenCookieName = $globalConfig->getString(
349 'session.authtoken.cookiename',
350 'SimpleSAMLAuthToken'
351 );
352 if (!isset($_COOKIE[$authTokenCookieName])) {
353 SimpleSAML\Logger::warning('Missing AuthToken cookie.');
354 return null;
355 }
356 if (!SimpleSAML\Utils\Crypto::secureCompare($session->authToken, $_COOKIE[$authTokenCookieName])) {
357 SimpleSAML\Logger::warning('Invalid AuthToken cookie.');
358 return null;
359 }
360 }
361
362 // run session check function if defined
363 $checkFunction = $globalConfig->getArray('session.check_function', null);
364 if (isset($checkFunction)) {
365 assert('is_callable($checkFunction)');
366 $check = call_user_func($checkFunction, $session);
367 if ($check !== true) {
368 SimpleSAML\Logger::warning('Session did not pass check function.');
369 return null;
370 }
371 }
372 }
373
374 self::$sessions[$sessionId] = $session;
375
376 return $session;
377 }

References $_COOKIE, $globalConfig, $session, $sessionId, SimpleSAML_Configuration\getInstance(), SimpleSAML\SessionHandler\getSessionHandler(), and SimpleSAML\Logger\warning().

Referenced by getSessionFromRequest().
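
The __construct() and getSession() listings show both call sites of the optional session.check_function callback: it is invoked as ($session, true) when a regular session is created and as ($session) on each load, where any result other than a strict true makes getSession() return null. The following callback built on setData()/getData() is an added example, not code from SimpleSAMLphp or ILIAS. The class name ExampleSessionCheck, the 'example:check' data type, the User-Agent fingerprint and the stand-in session class used when run outside SimpleSAMLphp are assumptions; hash_equals() needs PHP 5.6 or later.

```php
<?php
// Added example; not SimpleSAMLphp or ILIAS code.
// Assumed registration in the SimpleSAMLphp configuration:
//   'session.check_function' => array('ExampleSessionCheck', 'check'),

$standalone = !class_exists('SimpleSAML_Session');
if ($standalone) {
    // Stand-in (assumption) so the example runs outside SimpleSAMLphp. It mimics
    // only setData(), getData() and DATA_TIMEOUT_SESSION_END from this page.
    class SimpleSAML_Session
    {
        const DATA_TIMEOUT_SESSION_END = 'sessionEndTimeout';
        private $dataStore = array();

        public function setData($type, $id, $data, $timeout = null)
        {
            $this->dataStore[$type][$id] = array('expires' => $timeout, 'data' => $data);
        }

        public function getData($type, $id)
        {
            return isset($this->dataStore[$type][$id]) ? $this->dataStore[$type][$id]['data'] : null;
        }
    }
}

class ExampleSessionCheck
{
    // Hash of a request property that should stay stable for one browser.
    // The User-Agent is client-controlled, so this only catches naive cookie
    // reuse; it complements the AuthToken cookie check, it does not replace it.
    private static function fingerprint(array $server)
    {
        $ua = isset($server['HTTP_USER_AGENT']) ? (string) $server['HTTP_USER_AGENT'] : '';
        return hash('sha256', $ua);
    }

    // Signature matches both call sites: ($session, true) at creation,
    // ($session) at load. Only a strict true lets getSession() keep the session.
    public static function check($session, $init = false)
    {
        $current = self::fingerprint($_SERVER);

        if ($init) {
            // Keep the value for the lifetime of the session.
            $session->setData(
                'example:check',
                'fingerprint',
                $current,
                SimpleSAML_Session::DATA_TIMEOUT_SESSION_END
            );
            return true;
        }

        $stored = $session->getData('example:check', 'fingerprint');

        // Fail closed when nothing was stored, and compare in constant time.
        return is_string($stored) && hash_equals($stored, $current);
    }
}

if ($standalone) {
    // Constructed demo values.
    $session = new SimpleSAML_Session();
    $_SERVER['HTTP_USER_AGENT'] = 'ExampleBrowser/1.0';
    ExampleSessionCheck::check($session, true);              // session creation
    var_dump(ExampleSessionCheck::check($session));          // same client loads the session
    $_SERVER['HTTP_USER_AGENT'] = 'OtherClient/2.0';
    var_dump(ExampleSessionCheck::check($session));          // cookie presented by a different client
    var_dump(ExampleSessionCheck::check(new SimpleSAML_Session())); // no stored fingerprint
}
```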


◆ getSessionFromRequest()

static SimpleSAML_Session::getSessionFromRequest ( )
static

Retrieves the current session.

Creates a new session if there's not one.

Returns
SimpleSAML_Session The current session.
Exceptions
Exception: When session couldn't be initialized and the session fallback is disabled by configuration.

Definition at line 243 of file Session.php.

244 {
245 // check if we already have initialized the session
246 if (isset(self::$instance)) {
247 return self::$instance;
248 }
249
250 // check if we have stored a session stored with the session handler
251 $session = null;
252 try {
254 } catch (Exception $e) {
255 /*
256 * For some reason, we were unable to initialize this session. Note that this error might be temporary, and
257 * it's possible that we can recover from it in subsequent requests, so we should not try to create a new
258 * session here. Therefore, use just a transient session and throw the exception for someone else to handle
259 * it.
260 */
261 SimpleSAML\Logger::error('Error loading session: '.$e->getMessage());
262 self::useTransientSession();
263 if ($e instanceof SimpleSAML_Error_Exception) {
264 $cause = $e->getCause();
265 if ($cause instanceof Exception) {
266 throw $cause;
267 }
268 }
269 throw $e;
270 }
271
272 // if getSession() found it, use it
273 if ($session instanceof SimpleSAML_Session) {
274 return self::load($session);
275 }
276
277 /*
278 * We didn't have a session loaded when we started, but we have it now. At this point, getSession() failed but
279 * it must have triggered the creation of a session at some point during the process (e.g. while logging an
280 * error message). This means we don't need to create a new session again, we can use the one that's loaded now
281 * instead.
282 */
283 if (self::$instance !== null) {
284 return self::$instance;
285 }
286
287 // try to create a new session
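288 try {
289 self::load(new SimpleSAML_Session());
290 } catch (\SimpleSAML\Error\CannotSetCookie $e) {
291 // can't create a regular session because we can't set cookies. Use transient.
292 $c = SimpleSAML_Configuration::getInstance();
293 self::useTransientSession();
294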
295 if ($e->getCode() === \SimpleSAML\Error\CannotSetCookie::SECURE_COOKIE) {
296 throw new \SimpleSAML\Error\CriticalConfigurationError(
297 $e->getMessage(),
298 null,
299 $c->toArray()
300 );
301 }
302 SimpleSAML\Logger::error('Error creating session: '.$e->getMessage());
303 }
304
305 // we must have a session now, either regular or transient
306 return self::$instance;
307 }

References $instance, $session, SimpleSAML\Logger\error(), SimpleSAML_Configuration\getInstance(), getSession(), load(), and useTransientSession().

Referenced by SimpleSAML_XHTML_IdPDisco\__construct(), SimpleSAML_IdP\addAssociation(), SimpleSAML_Auth_Source\addLogoutCallback(), sspmod_saml_SP_LogoutStore\addSession(), sspmod_negotiate_Auth_Source_Negotiate\authenticate(), SimpleSAML_Auth_Source\callLogoutCallback(), SimpleSAML_Utilities\createHttpPostRedirectLink(), sspmod_multiauth_Auth_Source_MultiAuth\delegateAuthentication(), SimpleSAML\Logger\flush(), SimpleSAML_IdP\getAssociations(), ilSimpleSAMLphpWrapper\getParam(), SimpleSAML\Utils\HTTP\getSecurePOSTRedirectURL(), SimpleSAML_IdP\handleLogoutRequest(), SimpleSAML_IdP\handleLogoutResponse(), sspmod_saml_Auth_Source_SP\handleUnsolicitedAuth(), SimpleSAML_Auth_Default\initLogoutReturn(), SimpleSAML\Utils\Auth\isAdmin(), SimpleSAML_Auth_State\loadState(), SimpleSAML_Auth_Source\loginCompleted(), sspmod_multiauth_Auth_Source_MultiAuth\logout(), sspmod_negotiate_Auth_Source_Negotiate\logout(), SimpleSAML_Auth_Source\logoutCallback(), ilSimpleSAMLphpWrapper\popParam(), SimpleSAML_IdP\postAuth(), SimpleSAML_IdP\postAuthProc(), sspmod_core_Auth_Process_ExtendIdPSession\process(), SimpleSAML_Auth_Source\reauthenticate(), sspmod_saml_Auth_Source_SP\reauthenticate(), sspmod_saml_Auth_Source_SP\reauthPostLogin(), SimpleSAML_Error_Error\saveError(), SimpleSAML_Auth_State\saveState(), SimpleSAML_Error_Error\show(), ilSimpleSAMLphpWrapper\storeParam(), and SimpleSAML_IdP\terminateAssociation().


◆ getSessionId()

SimpleSAML_Session::getSessionId ( )

Retrieve the session ID of this session.

Returns
string|null The session ID, or null if this is a transient session.

Definition at line 514 of file Session.php.

515 {
516 return $this->sessionId;
517 }

References $sessionId.

◆ getTrackID()

SimpleSAML_Session::getTrackID ( )

Get a unique ID that will be permanent for this session.

Used for debugging and tracing log files related to a session.

Returns
string|null The unique ID.

Definition at line 535 of file Session.php.

536 {
537 return $this->trackid;
538 }

References $trackid.

◆ hasSessionCookie()

SimpleSAML_Session::hasSessionCookie ( )

Check whether the session cookie is set.

This function will only return false if it is certain that the cookie isn't set.

Returns
bool true if it was set, false if not.

Definition at line 1041 of file Session.php.

1042 {
1043 $sh = \SimpleSAML\SessionHandler::getSessionHandler();
1044 return $sh->hasSessionCookie();
1045 }

References SimpleSAML\SessionHandler\getSessionHandler().


◆ isTransient()

SimpleSAML_Session::isTransient ( )

Retrieve if session is transient.

Returns
boolean The session transient flag.

Definition at line 524 of file Session.php.

525 {
526 return $this->transient;
527 }

References $transient.

Referenced by markDirty().


◆ isValid()

SimpleSAML_Session::isValid (   $authority)

Is the session representing an authenticated user, and is the session still alive.

This function will return false after the user has timed out.

Parameters
string $authority: The authentication source that the user should be authenticated with.
Returns
true if the user has a valid session, false if not.

Definition at line 734 of file Session.php.

735 {
736 assert('is_string($authority)');
737
738 if (!isset($this->authData[$authority])) {
739 SimpleSAML\Logger::debug(
740 'Session: '.var_export($authority, true).
741 ' not valid because we are not authenticated.'
742 );
743 return false;
744 }
745
746 if ($this->authData[$authority]['Expire'] <= time()) {
747 SimpleSAML\Logger::debug('Session: '.var_export($authority, true).' not valid because it is expired.');
748 return false;
749 }
750
751 SimpleSAML\Logger::debug('Session: Valid session found with '.var_export($authority, true).'.');
752
753 return true;
754 }

References $authority, and SimpleSAML\Logger\debug().

Referenced by doLogout(), and getAuthorities().


◆ load()

static SimpleSAML_Session::load ( SimpleSAML_Session  $session)
static private

Load a given session as the current one.

This method will also set the track ID in the logger to the one in the given session.

Warning: never set self::$instance yourself, call this method instead.

Parameters
SimpleSAML_Session $session: The session to load.
Returns
SimpleSAML_Session The session we just loaded, just for convenience.

Definition at line 390 of file Session.php.

391 {
392 SimpleSAML\Logger::setTrackId($session->getTrackID());
393 self::$instance = $session;
394 return self::$instance;
395 }

References $instance, $session, and SimpleSAML\Logger\setTrackId().

Referenced by getSessionFromRequest(), and useTransientSession().

◆ markDirty()

SimpleSAML_Session::markDirty ( )

Mark this session as dirty.

This method will register a callback to save the session right before any output is sent to the browser.

Definition at line 477 of file Session.php.

{
    if ($this->isTransient()) {
        return;
    }

    $this->dirty = true;

    if (!function_exists('header_register_callback')) {
        // PHP version < 5.4, can't register the callback
        return;
    }

    if ($this->callback_registered) {
        // we already have a shutdown callback registered for this object, no need to add another one
        return;
    }
    $this->callback_registered = header_register_callback(array($this, 'save'));
}

References isTransient().

Referenced by __construct(), addAssociation(), deleteData(), doLogin(), doLogout(), registerLogoutHandler(), setAuthorityExpire(), setData(), and terminateAssociation().

◆ registerLogoutHandler()

SimpleSAML_Session::registerLogoutHandler (   $authority,
  $classname,
  $functionname 
)

This function registers a logout handler.

Parameters
string $authority: The authority for which to register the handler.
string $classname: The class which contains the logout handler.
string $functionname: The logout handler function.
Exceptions
Exception: If the handler is not a valid function or method.

Definition at line 809 of file Session.php.

{
    assert('isset($this->authData[$authority])');

    $logout_handler = array($classname, $functionname);

    if (!is_callable($logout_handler)) {
        throw new Exception(
            'Logout handler is not a vaild function: '.$classname.'::'.
            $functionname
        );
    }

    $this->authData[$authority]['LogoutHandlers'][] = $logout_handler;
    $this->markDirty();
}

References $authority, and markDirty().

◆ save()

SimpleSAML_Session::save ( )

Save the session to the store.

This method saves the session to the session handler in case it has been marked as dirty.

WARNING: please do not use this method directly unless you really need to and know what you are doing. Use markDirty() instead.

Definition at line 432 of file Session.php.

{
    if (!$this->dirty) {
        // session hasn't changed, don't bother saving it
        return;
    }

    $this->dirty = false;
    $this->callback_registered = false;

    $sh = SimpleSAML\SessionHandler::getSessionHandler();

    try {
        $sh->saveSession($this);
    } catch (Exception $e) {
        if (!($e instanceof SimpleSAML_Error_Exception)) {
            // the statement on line 448 of Session.php is missing from this listing
        }
        SimpleSAML\Logger::error('Unable to save session.');
        $e->logError();
    }
}

References SimpleSAML\Logger\error(), and SimpleSAML\SessionHandler\getSessionHandler().

Referenced by __destruct(), and cleanup().

◆ serialize()

SimpleSAML_Session::serialize ( )

Serialize this session object.

This method will be invoked by any calls to serialize().

Returns
string The serialized representation of this session object.

Definition at line 197 of file Session.php.

{
    $serialized = serialize(get_object_vars($this));
    return $serialized;
}

References serialize().

Referenced by serialize().

◆ setAuthorityExpire()

SimpleSAML_Session::setAuthorityExpire (   $authority,
  $expire = null 
)

Set the lifetime for authentication source.

Parameters
string $authority: The authentication source we are setting expire time for.
int $expire: The number of seconds authentication source is valid.

Definition at line 785 of file Session.php.

{
    assert('isset($this->authData[$authority])');
    assert('is_int($expire) || is_null($expire)');

    $this->markDirty();

    if ($expire === null) {
        $globalConfig = SimpleSAML_Configuration::getInstance();
        $expire = time() + $globalConfig->getInteger('session.duration', 8 * 60 * 60);
    }

    $this->authData[$authority]['Expire'] = $expire;
}

References $authority, $expire, $globalConfig, SimpleSAML_Configuration\getInstance(), and markDirty().

◆ setData()

SimpleSAML_Session::setData (   $type,
  $id,
  $data,
  $timeout = null 
)

This function stores data in the data store.

The timeout value can be SimpleSAML_Session::DATA_TIMEOUT_SESSION_END, which indicates that the data should never be deleted.

Parameters
string $type: The type of the data. This is checked when retrieving data from the store.
string $id: The identifier of the data.
mixed $data: The data.
int | null $timeout: The number of seconds this data should be stored after its last access. This parameter is optional. The default value is set in 'session.datastore.timeout', and the default is 4 hours.
Exceptions
Exception: If the data couldn't be stored.

Definition at line 867 of file Session.php.

{
    assert('is_string($type)');
    assert('is_string($id)');
    assert('is_int($timeout) || is_null($timeout) || $timeout === self::DATA_TIMEOUT_SESSION_END');

    // clean out old data
    $this->expireData();

    if ($timeout === null) {
        // use the default timeout
        $configuration = SimpleSAML_Configuration::getInstance();

        $timeout = $configuration->getInteger('session.datastore.timeout', null);
        if ($timeout !== null) {
            if ($timeout <= 0) {
                throw new Exception(
                    'The value of the session.datastore.timeout'.
                    ' configuration option should be a positive integer.'
                );
            }
        }
    }

    if ($timeout === self::DATA_TIMEOUT_SESSION_END) {
        $expires = self::DATA_TIMEOUT_SESSION_END;
    } else {
        $expires = time() + $timeout;
    }

    $dataInfo = array(
        'expires' => $expires,
        'timeout' => $timeout,
        'data' => $data
    );

    if (!is_array($this->dataStore)) {
        $this->dataStore = array();
    }

    if (!array_key_exists($type, $this->dataStore)) {
        $this->dataStore[$type] = array();
    }

    $this->dataStore[$type][$id] = $dataInfo;

    $this->markDirty();
}

References $data, $id, $type, DATA_TIMEOUT_SESSION_END, expireData(), SimpleSAML_Configuration\getInstance(), and markDirty().
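
The timeout handling described for setData(), as an added standalone model that is not SimpleSAMLphp or ILIAS code. DataStoreModel, its get() read path and the injected $now clock are assumptions made for illustration; only the sentinel value and the stored 'expires', 'timeout' and 'data' fields come from the listing above.

```php
<?php
// Added model of setData()'s timeout handling; not SimpleSAMLphp or ILIAS code.
// DataStoreModel, get() and the injected $now clock are hypothetical.
final class DataStoreModel
{
    const DATA_TIMEOUT_SESSION_END = 'sessionEndTimeout'; // value shown on the page

    private $store = array();

    public function set($type, $id, $data, $timeout, $now)
    {
        $sessionEnd = ($timeout === self::DATA_TIMEOUT_SESSION_END);
        if (!$sessionEnd && (!is_int($timeout) || $timeout <= 0)) {
            throw new InvalidArgumentException('timeout must be a positive integer or the sentinel');
        }
        // Strict comparison throughout: the sentinel is a string, and the result
        // of `==` between a string and an integer differs between PHP versions.
        $expires = $sessionEnd ? self::DATA_TIMEOUT_SESSION_END : $now + $timeout;
        $this->store[$type][$id] = array('expires' => $expires, 'timeout' => $timeout, 'data' => $data);
    }

    // Assumed read path: entries are keyed by type and id, expired ones are dropped.
    public function get($type, $id, $now)
    {
        if (!isset($this->store[$type][$id])) {
            return null;
        }
        $info = $this->store[$type][$id];
        if ($info['expires'] !== self::DATA_TIMEOUT_SESSION_END && $now > $info['expires']) {
            unset($this->store[$type][$id]);
            return null;
        }
        return $info['data'];
    }
}

// Constructed sample values.
$t0 = 1700000000;
$store = new DataStoreModel();
$store->set('demo:state', 'abc', 'short-lived', 60, $t0);
$store->set('demo:state', 'def', 'whole-session', DataStoreModel::DATA_TIMEOUT_SESSION_END, $t0);

var_dump($store->get('demo:state', 'abc', $t0 + 30));    // read inside the 60-second window
var_dump($store->get('demo:state', 'abc', $t0 + 61));    // read after the window has passed
var_dump($store->get('demo:state', 'def', $t0 + 86400)); // sentinel entry, one day later
var_dump($store->get('other:type', 'abc', $t0 + 30));    // same id under a different type
```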

◆ setRememberMeExpire()

SimpleSAML_Session::setRememberMeExpire (   $expire = null)

Set remember me expire time.

Parameters
int $expire: Unix timestamp when remember me session cookies expire.

Definition at line 555 of file Session.php.

{
    assert('is_int($expire) || is_null($expire)');

    if ($expire === null) {
        $globalConfig = SimpleSAML_Configuration::getInstance();
        $expire = time() + $globalConfig->getInteger('session.rememberme.lifetime', 14 * 86400);
    }
    $this->rememberMeExpire = $expire;

    $cookieParams = array('expire' => $this->rememberMeExpire);
    $this->updateSessionCookies($cookieParams);
}

References $expire, $globalConfig, SimpleSAML_Configuration\getInstance(), and updateSessionCookies().

Referenced by doLogin().

◆ terminateAssociation()

SimpleSAML_Session::terminateAssociation (   $idp,
  $associationId 
)

Remove an SP association for an IdP.

This function is only for use by the SimpleSAML_IdP class.

Parameters
string $idp: The IdP id.
string $associationId: The id of the association.

Definition at line 1120 of file Session.php.

{
    assert('is_string($idp)');
    assert('is_string($associationId)');

    if (!isset($this->associations)) {
        return;
    }

    if (!isset($this->associations[$idp])) {
        return;
    }

    unset($this->associations[$idp][$associationId]);

    $this->markDirty();
}

References $idp, and markDirty().

◆ unserialize()

SimpleSAML_Session::unserialize (   $serialized)

Unserialize a session object and load it.

This method will be invoked by any calls to unserialize(), allowing us to restore any data that might not be serializable in its original form (e.g.: DOM objects).

Parameters
string $serialized: The serialized representation of a session that we want to restore.

Definition at line 212 of file Session.php.

{
    $session = unserialize($serialized);
    if (is_array($session)) {
        foreach ($session as $k => $v) {
            $this->$k = $v;
        }
    }

    // look for any raw attributes and load them in the 'Attributes' array
    foreach ($this->authData as $authority => $parameters) {
        if (!array_key_exists('RawAttributes', $parameters)) {
            continue;
        }

        foreach ($parameters['RawAttributes'] as $attribute => $values) {
            foreach ($values as $idx => $value) { // this should be originally a DOMNodeList
                /* @var \SAML2\XML\saml\AttributeValue $value */
                $this->authData[$authority]['Attributes'][$attribute][$idx] = $value->element->childNodes;
            }
        }
    }
}

References $authority, $session, and unserialize().

Referenced by unserialize().

◆ updateSessionCookies()

SimpleSAML_Session::updateSessionCookies (   $params = null)

Update session cookies.

Parameters
array $params: The parameters for the cookies.

Definition at line 761 of file Session.php.

{
    $sessionHandler = SimpleSAML\SessionHandler::getSessionHandler();

    if ($this->sessionId !== null) {
        $sessionHandler->setCookie($sessionHandler->getSessionCookieName(), $this->sessionId, $params);
    }

    if ($this->authToken !== null) {
        $globalConfig = SimpleSAML_Configuration::getInstance();
        SimpleSAML\Utils\HTTP::setCookie(
            $globalConfig->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'),
            $this->authToken,
            $params
        );
    }
}

References $globalConfig, $params, SimpleSAML_Configuration\getInstance(), SimpleSAML\SessionHandler\getSessionHandler(), and SimpleSAML\Utils\HTTP\setCookie().

Referenced by doLogout(), and setRememberMeExpire().

◆ useTransientSession()

static SimpleSAML_Session::useTransientSession ( )
static

Use a transient session.

Create a session that should not be saved at the end of the request. Subsequent calls to getInstance() will return this transient session.

Definition at line 403 of file Session.php.

{
    if (isset(self::$instance)) {
        // we already have a session, don't bother with a transient session
        return;
    }

    self::load(new SimpleSAML_Session(true));
}

References load().

Referenced by getSessionFromRequest().

Field Documentation

◆ $associations

SimpleSAML_Session::$associations = array()
private

Definition at line 114 of file Session.php.

◆ $authData

SimpleSAML_Session::$authData
private

Definition at line 134 of file Session.php.

◆ $authToken

SimpleSAML_Session::$authToken
private

Definition at line 124 of file Session.php.

◆ $callback_registered

SimpleSAML_Session::$callback_registered = false
private

Definition at line 90 of file Session.php.

◆ $dataStore

SimpleSAML_Session::$dataStore = null
private

Definition at line 103 of file Session.php.

◆ $dirty

SimpleSAML_Session::$dirty = false
private

Definition at line 82 of file Session.php.

◆ $instance

SimpleSAML_Session::$instance = null
static private

This variable holds the instance of the session - Singleton approach.

Warning: do not set the instance manually, call SimpleSAML_Session::load() instead.

Definition at line 44 of file Session.php.

Referenced by getSessionFromRequest(), and load().

◆ $rememberMeExpire

SimpleSAML_Session::$rememberMeExpire = null
private

Definition at line 73 of file Session.php.

Referenced by getRememberMeExpire().

◆ $sessionId

SimpleSAML_Session::$sessionId
private

Definition at line 52 of file Session.php.

Referenced by createSession(), getSession(), and getSessionId().

◆ $sessions

SimpleSAML_Session::$sessions = array()
static private

Definition at line 36 of file Session.php.

◆ $trackid

SimpleSAML_Session::$trackid = null
private

Definition at line 70 of file Session.php.

Referenced by getTrackID().

◆ $transient

SimpleSAML_Session::$transient = false
private

Definition at line 60 of file Session.php.

Referenced by __construct(), and isTransient().

◆ DATA_TIMEOUT_SESSION_END

const SimpleSAML_Session::DATA_TIMEOUT_SESSION_END = 'sessionEndTimeout'

This is a timeout value for setData, which indicates that the data should never be deleted, i.e. lasts the whole session lifetime.

Definition at line 26 of file Session.php.

Referenced by SimpleSAML_Auth_Source\addLogoutCallback(), sspmod_multiauth_Auth_Source_MultiAuth\delegateAuthentication(), SimpleSAML_IdP\postAuthProc(), and setData().


The documentation for this class was generated from the following file: