ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Public Member Functions | Protected Member Functions | Protected Attributes | Private Member Functions | Private Attributes
SimpleSAML\SessionHandlerPHP Class Reference
+ Inheritance diagram for SimpleSAML\SessionHandlerPHP:
+ Collaboration diagram for SimpleSAML\SessionHandlerPHP:

Public Member Functions

 restorePrevious ()
 Restore a previously-existing session. More...
 
 newSessionId ()
 Create a new session id. More...
 
 getCookieSessionId ()
 Retrieve the session ID saved in the session cookie, if there's one. More...
 
 getSessionCookieName ()
 Retrieve the session cookie name. More...
 
 saveSession (\SimpleSAML_Session $session)
 Save the current session to the PHP session array. More...
 
 loadSession ($sessionId=null)
 Load the session from the PHP session array. More...
 
 hasSessionCookie ()
 Check whether the session cookie is set. More...
 
 getCookieParams ()
 Get the cookie parameters that should be used for session cookies. More...
 
 setCookie ($sessionName, $sessionID, array $cookieParams=null)
 Set a session cookie. More...
 
 newSessionId ()
 Create a new session id. More...
 
 getCookieSessionId ()
 Retrieve the session ID saved in the session cookie, if there's one. More...
 
 getSessionCookieName ()
 Retrieve the session cookie name. More...
 
 saveSession (\SimpleSAML_Session $session)
 Save the session. More...
 
 loadSession ($sessionId=null)
 Load the session. More...
 
 hasSessionCookie ()
 Check whether the session cookie is set. More...
 
 setCookie ($sessionName, $sessionID, array $cookieParams=null)
 Set a session cookie. More...
 
 getCookieParams ()
 Get the cookie parameters that should be used for session cookies. More...
 

Protected Member Functions

 __construct ()
 Initialize the PHP session handling. More...
 
 __construct ()
 This constructor is included in case it is needed in the future. More...
 

Protected Attributes

 $cookie_name
 

Private Member Functions

 sessionStart ()
 This method starts a session, making sure no warnings are generated due to headers being already sent. More...
 

Private Attributes

 $previous_session = array()
 

Additional Inherited Members

- Static Public Member Functions inherited from SimpleSAML\SessionHandler
static getSessionHandler ()
 This function retrieves the current instance of the session handler. More...
 
- Static Protected Attributes inherited from SimpleSAML\SessionHandler
static $sessionHandler = null
 

Detailed Description

Definition at line 17 of file SessionHandlerPHP.php.

Constructor & Destructor Documentation

◆ __construct()

SimpleSAML\SessionHandlerPHP::__construct ( )
protected

Initialize the PHP session handling.

This constructor is protected because it should only be called from \SimpleSAML\SessionHandler::createSessionHandler(...).

Reimplemented from SimpleSAML\SessionHandler.

Definition at line 44 of file SessionHandlerPHP.php.

45 {
46 // call the parent constructor in case it should become necessary in the future
47 parent::__construct();
48
49 $config = \SimpleSAML_Configuration::getInstance();
50 $this->cookie_name = $config->getString('session.phpsession.cookiename', null);
51
52 if (session_status() === PHP_SESSION_ACTIVE) {
53 if (session_name() === $this->cookie_name || $this->cookie_name === null) {
54 Logger::warning(
55 'There is already a PHP session with the same name as SimpleSAMLphp\'s session, or the '.
56 "'session.phpsession.cookiename' configuration option is not set. Make sure to set ".
57 "SimpleSAMLphp's cookie name with a value not used by any other applications."
58 );
59 }
60
61 /*
62 * We shouldn't have a session at this point, so it might be an application session. Save the details to
63 * retrieve it later and commit.
64 */
65 $this->previous_session['cookie_params'] = session_get_cookie_params();
66 $this->previous_session['id'] = session_id();
67 $this->previous_session['name'] = session_name();
68 session_write_close();
69 }
70
71 if (!empty($this->cookie_name)) {
72 session_name($this->cookie_name);
73 } else {
74 $this->cookie_name = session_name();
75 }
76
77 $params = $this->getCookieParams();
78
79 if (!headers_sent()) {
80 session_set_cookie_params(
81 $params['lifetime'],
82 $params['path'],
83 $params['domain'],
84 $params['secure'],
85 $params['httponly']
86 );
87 }
88
89 $savepath = $config->getString('session.phpsession.savepath', null);
90 if (!empty($savepath)) {
91 session_save_path($savepath);
92 }
93 }
SimpleSAML\Logger\warning
static warning($string)
Definition: Logger.php:177
SimpleSAML\SessionHandlerPHP\getCookieParams
getCookieParams()
Get the cookie parameters that should be used for session cookies.
Definition: SessionHandlerPHP.php:294
SimpleSAML_Configuration\getInstance
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
Definition: Configuration.php:325
$config
$config
Definition: bootstrap.php:15

References $config, PHPMailer\PHPMailer\$params, and SimpleSAML_Configuration\getInstance().

+ Here is the call graph for this function:

Member Function Documentation

◆ getCookieParams()

SimpleSAML\SessionHandlerPHP::getCookieParams ( )

Get the cookie parameters that should be used for session cookies.

This function contains some adjustments from the default to provide backwards-compatibility.

Returns
array The cookie parameters for our sessions. If both 'session.phpsession.limitedpath' and 'session.cookie.path' options are set at the same time in the configuration.

Reimplemented from SimpleSAML\SessionHandler.

Definition at line 294 of file SessionHandlerPHP.php.

295 {
296 $config = \SimpleSAML_Configuration::getInstance();
297
298 $ret = parent::getCookieParams();
299
300 if ($config->hasValue('session.phpsession.limitedpath') && $config->hasValue('session.cookie.path')) {
301 throw new \SimpleSAML_Error_Exception(
302 'You cannot set both the session.phpsession.limitedpath and session.cookie.path options.'
303 );
304 } elseif ($config->hasValue('session.phpsession.limitedpath')) {
305 $ret['path'] = $config->getBoolean(
306 'session.phpsession.limitedpath',
307 false
308 ) ? $config->getBasePath() : '/';
309 }
310
311 $ret['httponly'] = $config->getBoolean('session.phpsession.httponly', true);
312
313 return $ret;
314 }
$ret
$ret
Definition: parser.php:6

References $config, $ret, and SimpleSAML_Configuration\getInstance().

+ Here is the call graph for this function:

◆ getCookieSessionId()

SimpleSAML\SessionHandlerPHP::getCookieSessionId ( )

Retrieve the session ID saved in the session cookie, if there's one.

Returns
string|null The session id saved in the cookie or null if no session cookie was set.
Exceptions

SimpleSAML_Error_Exception If the cookie is marked as secure but we are not using HTTPS.

Reimplemented from SimpleSAML\SessionHandler.

Definition at line 184 of file SessionHandlerPHP.php.

185 {
186 if (!self::hasSessionCookie()) {
187 return null; // there's no session cookie, can't return ID
188 }
189
190 // do not rely on session_id() as it can return the ID of a previous session. Get it from the cookie instead.
191 session_id($_COOKIE[$this->cookie_name]);
192
193 $session_cookie_params = session_get_cookie_params();
194
195 if ($session_cookie_params['secure'] && !HTTP::isHTTPS()) {
196 throw new \SimpleSAML_Error_Exception('Session start with secure cookie not allowed on http.');
197 }
198
199 $this->sessionStart();
200 return session_id();
201 }
$_COOKIE
$_COOKIE['client_id']
Definition: server.php:9
SimpleSAML\SessionHandlerPHP\sessionStart
sessionStart()
This method starts a session, making sure no warnings are generated due to headers being already sent...
Definition: SessionHandlerPHP.php:99
SimpleSAML\Utils\HTTP\isHTTPS
static isHTTPS()
This function checks if we are using HTTPS as protocol.
Definition: HTTP.php:862

References $_COOKIE.

◆ getSessionCookieName()

SimpleSAML\SessionHandlerPHP::getSessionCookieName ( )

Retrieve the session cookie name.

Returns
string The session cookie name.

Reimplemented from SimpleSAML\SessionHandler.

Definition at line 209 of file SessionHandlerPHP.php.

210 {
211 return $this->cookie_name;
212 }

◆ hasSessionCookie()

SimpleSAML\SessionHandlerPHP::hasSessionCookie ( )

Check whether the session cookie is set.

This function will only return false if is is certain that the cookie isn't set.

Returns
boolean True if it was set, false otherwise.

Reimplemented from SimpleSAML\SessionHandler.

Definition at line 277 of file SessionHandlerPHP.php.

278 {
279 return array_key_exists($this->cookie_name, $_COOKIE);
280 }

References $_COOKIE.

◆ loadSession()

SimpleSAML\SessionHandlerPHP::loadSession (   $sessionId = null)

Load the session from the PHP session array.

Parameters
string | null$sessionIdThe ID of the session we should load, or null to use the default.
Returns
\SimpleSAML_Session|null The session object, or null if it doesn't exist.
Exceptions

SimpleSAML_Error_Exception If it wasn't possible to disable session cookies or we are trying to load a PHP session with a specific identifier and it doesn't match with the current session identifier.

Reimplemented from SimpleSAML\SessionHandler.

Definition at line 236 of file SessionHandlerPHP.php.

237 {
238 assert(is_string($sessionId) || $sessionId === null);
239
240 if ($sessionId !== null) {
241 if (session_id() === '') {
242 // session not initiated with getCookieSessionId(), start session without setting cookie
243 $ret = ini_set('session.use_cookies', '0');
244 if ($ret === false) {
245 throw new \SimpleSAML_Error_Exception('Disabling PHP option session.use_cookies failed.');
246 }
247
248 session_id($sessionId);
249 $this->sessionStart();
250 } elseif ($sessionId !== session_id()) {
251 throw new \SimpleSAML_Error_Exception('Cannot load PHP session with a specific ID.');
252 }
253 } elseif (session_id() === '') {
254 self::getCookieSessionId();
255 }
256
257 if (!isset($_SESSION['SimpleSAMLphp_SESSION'])) {
258 return null;
259 }
260
261 $session = $_SESSION['SimpleSAMLphp_SESSION'];
262 assert(is_string($session));
263
264 $session = unserialize($session);
265
266 return ($session !== false) ? $session : null;
267 }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
SimpleSAML\SessionHandlerPHP\getCookieSessionId
getCookieSessionId()
Retrieve the session ID saved in the session cookie, if there's one.
Definition: SessionHandlerPHP.php:184
$session
$session
Definition: proxy_ylocal.php:32

References $_SESSION, $ret, and $session.

◆ newSessionId()

SimpleSAML\SessionHandlerPHP::newSessionId ( )

Create a new session id.

Returns
string The new session id.

Reimplemented from SimpleSAML\SessionHandler.

Definition at line 167 of file SessionHandlerPHP.php.

168 {
169 // generate new (secure) session id
170 $sessionId = bin2hex(openssl_random_pseudo_bytes(16));
171 \SimpleSAML_Session::createSession($sessionId);
172
173 return $sessionId;
174 }
SimpleSAML_Session\createSession
static createSession($sessionId)
Create a new session and cache it.
Definition: Session.php:416

References SimpleSAML_Session\createSession().

+ Here is the call graph for this function:

◆ restorePrevious()

SimpleSAML\SessionHandlerPHP::restorePrevious ( )

Restore a previously-existing session.

Use this method to restore a previous PHP session existing before SimpleSAMLphp initialized its own session.

WARNING: do not use this method directly, unless you know what you are doing. Calling this method directly, outside of SimpleSAML_Session, could cause SimpleSAMLphp's session to be lost or mess the application's one. The session must always be saved properly before calling this method. If you don't understand what this is about, don't use this method.

Definition at line 132 of file SessionHandlerPHP.php.

133 {
134 if (empty($this->previous_session)) {
135 return; // nothing to do here
136 }
137
138 // close our own session
139 session_write_close();
140
141 session_name($this->previous_session['name']);
142 session_set_cookie_params(
143 $this->previous_session['cookie_params']['lifetime'],
144 $this->previous_session['cookie_params']['path'],
145 $this->previous_session['cookie_params']['domain'],
146 $this->previous_session['cookie_params']['secure'],
147 $this->previous_session['cookie_params']['httponly']
148 );
149 session_id($this->previous_session['id']);
150 $this->previous_session = array();
151 $this->sessionStart();
152
153 /*
154 * At this point, we have restored a previously-existing session, so we can't continue to use our session here.
155 * Therefore, we need to load our session again in case we need it. We remove this handler from the parent
156 * class so that the handler is initialized again if we ever need to do something with the session.
157 */
158 parent::$sessionHandler = null;
159 }

◆ saveSession()

SimpleSAML\SessionHandlerPHP::saveSession ( \SimpleSAML_Session  $session)

Save the current session to the PHP session array.

Parameters
\SimpleSAML_Session$sessionThe session object we should save.

Reimplemented from SimpleSAML\SessionHandler.

Definition at line 220 of file SessionHandlerPHP.php.

221 {
222 $_SESSION['SimpleSAMLphp_SESSION'] = serialize($session);
223 }

References $_SESSION, and $session.

◆ sessionStart()

SimpleSAML\SessionHandlerPHP::sessionStart ( )
private

This method starts a session, making sure no warnings are generated due to headers being already sent.

Definition at line 99 of file SessionHandlerPHP.php.

100 {
101 $cacheLimiter = session_cache_limiter();
102 if (headers_sent()) {
103 /*
104 * session_start() tries to send HTTP headers depending on the configuration, according to the
105 * documentation:
106 *
107 * http://php.net/manual/en/function.session-start.php
108 *
109 * If headers have been already sent, it will then trigger an error since no more headers can be sent.
110 * Being unable to send headers does not mean we cannot recover the session by calling session_start(),
111 * so we still want to call it. In this case, though, we want to avoid session_start() to send any
112 * headers at all so that no error is generated, so we clear the cache limiter temporarily (no headers
113 * sent then) and restore it after successfully starting the session.
114 */
115 session_cache_limiter('');
116 }
117 session_cache_limiter($cacheLimiter);
118 @session_start();
119 }

◆ setCookie()

SimpleSAML\SessionHandlerPHP::setCookie (   $sessionName,
  $sessionID,
array  $cookieParams = null 
)

Set a session cookie.

Parameters
string$sessionNameThe name of the session.
string | null$sessionIDThe session ID to use. Set to null to delete the cookie.
array | null$cookieParamsAdditional parameters to use for the session cookie.
Exceptions

SimpleSAML\Error\CannotSetCookie If we can't set the cookie.

Reimplemented from SimpleSAML\SessionHandler.

Definition at line 326 of file SessionHandlerPHP.php.

327 {
328 if ($cookieParams === null) {
329 $cookieParams = session_get_cookie_params();
330 }
331
332 if ($cookieParams['secure'] && !HTTP::isHTTPS()) {
333 throw new CannotSetCookie(
334 'Setting secure cookie on plain HTTP is not allowed.',
335 CannotSetCookie::SECURE_COOKIE
336 );
337 }
338
339 if (headers_sent()) {
340 throw new CannotSetCookie(
341 'Headers already sent.',
342 CannotSetCookie::HEADERS_SENT
343 );
344 }
345
346 if (session_id() !== '') {
347 // session already started, close it
348 session_write_close();
349 }
350
351 session_set_cookie_params(
352 $cookieParams['lifetime'],
353 $cookieParams['path'],
354 $cookieParams['domain'],
355 $cookieParams['secure'],
356 $cookieParams['httponly']
357 );
358
359 session_id($sessionID);
360 $this->sessionStart();
361 }
$sessionID
$sessionID
Definition: authmemcookie.php:36

References $sessionID.

Field Documentation

◆ $cookie_name

SimpleSAML\SessionHandlerPHP::$cookie_name
protected

Definition at line 25 of file SessionHandlerPHP.php.

◆ $previous_session

SimpleSAML\SessionHandlerPHP::$previous_session = array()
private

Definition at line 37 of file SessionHandlerPHP.php.

The documentation for this class was generated from the following file: