Inheritance diagram for SimpleSAML\SessionHandlerPHP:

Collaboration diagram for SimpleSAML\SessionHandlerPHP:

Public Member Functions
	restorePrevious ()
	Restore a previously-existing session. More...

	newSessionId ()
	Create a new session id. More...

	getCookieSessionId ()
	Retrieve the session ID saved in the session cookie, if there's one. More...

	getSessionCookieName ()
	Retrieve the session cookie name. More...

	saveSession (\SimpleSAML_Session $session)
	Save the current session to the PHP session array. More...

	loadSession ($sessionId=null)
	Load the session from the PHP session array. More...

	hasSessionCookie ()
	Check whether the session cookie is set. More...

	getCookieParams ()
	Get the cookie parameters that should be used for session cookies. More...

	setCookie ($sessionName, $sessionID, array $cookieParams=null)
	Set a session cookie. More...

Public Member Functions inherited from SimpleSAML\SessionHandler
	newSessionId ()
	Create a new session id. More...

	getCookieSessionId ()
	Retrieve the session ID saved in the session cookie, if there's one. More...

	getSessionCookieName ()
	Retrieve the session cookie name. More...

	saveSession (\SimpleSAML_Session $session)
	Save the session. More...

	loadSession ($sessionId=null)
	Load the session. More...

	hasSessionCookie ()
	Check whether the session cookie is set. More...

	setCookie ($sessionName, $sessionID, array $cookieParams=null)
	Set a session cookie. More...

	getCookieParams ()
	Get the cookie parameters that should be used for session cookies. More...

Protected Member Functions
	__construct ()
	Initialize the PHP session handling. More...

Protected Member Functions inherited from SimpleSAML\SessionHandler
	__construct ()
	This constructor is included in case it is needed in the future. More...

Protected Attributes
	$cookie_name

Private Member Functions
	sessionStart ()
	This method starts a session, making sure no warnings are generated due to headers being already sent. More...

Private Attributes
	$previous_session = array()

Additional Inherited Members
Static Public Member Functions inherited from SimpleSAML\SessionHandler
static	getSessionHandler ()
	This function retrieves the current instance of the session handler. More...

Static Protected Attributes inherited from SimpleSAML\SessionHandler
static	$sessionHandler = null

Detailed Description

Definition at line 17 of file SessionHandlerPHP.php.

Constructor & Destructor Documentation

◆ __construct()

SimpleSAML\SessionHandlerPHP::__construct ( )

protected

Initialize the PHP session handling.

This constructor is protected because it should only be called from ::createSessionHandler(...).

Definition at line 44 of file SessionHandlerPHP.php.

References $config, PHPMailer\PHPMailer\$params, and SimpleSAML_Configuration\getInstance().

     {
         // call the parent constructor in case it should become necessary in the future
         parent::__construct();
 
         $config = \SimpleSAML_Configuration::getInstance();
         $this->cookie_name = $config->getString('session.phpsession.cookiename', null);
 
         if (session_status() === PHP_SESSION_ACTIVE) {
             if (session_name() === $this->cookie_name || $this->cookie_name === null) {
                 Logger::warning(
                     'There is already a PHP session with the same name as SimpleSAMLphp\'s session, or the '.
                     "'session.phpsession.cookiename' configuration option is not set. Make sure to set ".
                     "SimpleSAMLphp's cookie name with a value not used by any other applications."
                 );
             }
 
             /*
              * We shouldn't have a session at this point, so it might be an application session. Save the details to
              * retrieve it later and commit.
              */
             $this->previous_session['cookie_params'] = session_get_cookie_params();
             $this->previous_session['id'] = session_id();
             $this->previous_session['name'] = session_name();
             session_write_close();
         }
 
         if (!empty($this->cookie_name)) {
             session_name($this->cookie_name);
         } else {
             $this->cookie_name = session_name();
         }
 
         $params = $this->getCookieParams();
 
         if (!headers_sent()) {
             session_set_cookie_params(
                 $params['lifetime'],
                 $params['path'],
                 $params['domain'],
                 $params['secure'],
                 $params['httponly']
             );
         }
 
         $savepath = $config->getString('session.phpsession.savepath', null);
         if (!empty($savepath)) {
             session_save_path($savepath);
         }
     }

Here is the call graph for this function:

Member Function Documentation

◆ getCookieParams()

SimpleSAML\SessionHandlerPHP::getCookieParams ( )

Get the cookie parameters that should be used for session cookies.

This function contains some adjustments from the default to provide backwards-compatibility.

Returns: array The cookie parameters for our sessions. If both 'session.phpsession.limitedpath' and 'session.cookie.path' options are set at the same time in the configuration.

Definition at line 294 of file SessionHandlerPHP.php.

References $config, $ret, and SimpleSAML_Configuration\getInstance().

     {
         $config = \SimpleSAML_Configuration::getInstance();
 
         $ret = parent::getCookieParams();
 
         if ($config->hasValue('session.phpsession.limitedpath') && $config->hasValue('session.cookie.path')) {
             throw new \SimpleSAML_Error_Exception(
                 'You cannot set both the session.phpsession.limitedpath and session.cookie.path options.'
             );
         } elseif ($config->hasValue('session.phpsession.limitedpath')) {
             $ret['path'] = $config->getBoolean(
                 'session.phpsession.limitedpath',
                 false
             ) ? $config->getBasePath() : '/';
         }
 
         $ret['httponly'] = $config->getBoolean('session.phpsession.httponly', true);
 
         return $ret;
     }

Here is the call graph for this function:

◆ getCookieSessionId()

SimpleSAML\SessionHandlerPHP::getCookieSessionId ( )

Retrieve the session ID saved in the session cookie, if there's one.

Returns: string|null The session id saved in the cookie or null if no session cookie was set.

Exceptions

Definition at line 184 of file SessionHandlerPHP.php.

References $_COOKIE.

     {
         if (!self::hasSessionCookie()) {
             return null; // there's no session cookie, can't return ID
         }
 
         // do not rely on session_id() as it can return the ID of a previous session. Get it from the cookie instead.
         session_id($_COOKIE[$this->cookie_name]);
 
         $session_cookie_params = session_get_cookie_params();
 
         if ($session_cookie_params['secure'] && !HTTP::isHTTPS()) {
             throw new \SimpleSAML_Error_Exception('Session start with secure cookie not allowed on http.');
         }
 
         $this->sessionStart();
         return session_id();
     }

◆ getSessionCookieName()

SimpleSAML\SessionHandlerPHP::getSessionCookieName ( )

Retrieve the session cookie name.

Returns: string The session cookie name.

Definition at line 209 of file SessionHandlerPHP.php.

     {
         return $this->cookie_name;
     }

◆ hasSessionCookie()

SimpleSAML\SessionHandlerPHP::hasSessionCookie ( )

Check whether the session cookie is set.

This function will only return false if is is certain that the cookie isn't set.

Returns: boolean True if it was set, false otherwise.

Definition at line 277 of file SessionHandlerPHP.php.

References $_COOKIE.

     {
         return array_key_exists($this->cookie_name, $_COOKIE);
     }

◆ loadSession()

SimpleSAML\SessionHandlerPHP::loadSession ( $sessionId = null )

Load the session from the PHP session array.

Parameters

string | null $sessionId The ID of the session we should load, or null to use the default.

Returns: |null The session object, or null if it doesn't exist.

Exceptions

Definition at line 236 of file SessionHandlerPHP.php.

References $_SESSION, $ret, and $session.

     {
         assert(is_string($sessionId) || $sessionId === null);
 
         if ($sessionId !== null) {
             if (session_id() === '') {
                 // session not initiated with getCookieSessionId(), start session without setting cookie
                 $ret = ini_set('session.use_cookies', '0');
                 if ($ret === false) {
                     throw new \SimpleSAML_Error_Exception('Disabling PHP option session.use_cookies failed.');
                 }
 
                 session_id($sessionId);
                 $this->sessionStart();
             } elseif ($sessionId !== session_id()) {
                 throw new \SimpleSAML_Error_Exception('Cannot load PHP session with a specific ID.');
             }
         } elseif (session_id() === '') {
             self::getCookieSessionId();
         }
 
         if (!isset($_SESSION['SimpleSAMLphp_SESSION'])) {
             return null;
         }
 
         $session = $_SESSION['SimpleSAMLphp_SESSION'];
         assert(is_string($session));
 
         $session = unserialize($session);
 
         return ($session !== false) ? $session : null;
     }

◆ newSessionId()

SimpleSAML\SessionHandlerPHP::newSessionId ( )

Create a new session id.

Returns: string The new session id.

Definition at line 167 of file SessionHandlerPHP.php.

References SimpleSAML_Session\createSession().

     {
         // generate new (secure) session id
         $sessionId = bin2hex(openssl_random_pseudo_bytes(16));
         \SimpleSAML_Session::createSession($sessionId);
 
         return $sessionId;
     }

Here is the call graph for this function:

◆ restorePrevious()

SimpleSAML\SessionHandlerPHP::restorePrevious ( )

Restore a previously-existing session.

Use this method to restore a previous PHP session existing before SimpleSAMLphp initialized its own session.

WARNING: do not use this method directly, unless you know what you are doing. Calling this method directly, outside of SimpleSAML_Session, could cause SimpleSAMLphp's session to be lost or mess the application's one. The session must always be saved properly before calling this method. If you don't understand what this is about, don't use this method.

Definition at line 132 of file SessionHandlerPHP.php.

     {
         if (empty($this->previous_session)) {
             return; // nothing to do here
         }
 
         // close our own session
         session_write_close();
 
         session_name($this->previous_session['name']);
         session_set_cookie_params(
             $this->previous_session['cookie_params']['lifetime'],
             $this->previous_session['cookie_params']['path'],
             $this->previous_session['cookie_params']['domain'],
             $this->previous_session['cookie_params']['secure'],
             $this->previous_session['cookie_params']['httponly']
         );
         session_id($this->previous_session['id']);
         $this->previous_session = array();
         $this->sessionStart();
 
         /*
          * At this point, we have restored a previously-existing session, so we can't continue to use our session here.
          * Therefore, we need to load our session again in case we need it. We remove this handler from the parent
          * class so that the handler is initialized again if we ever need to do something with the session.
          */
         parent::$sessionHandler = null;
     }

◆ saveSession()

SimpleSAML\SessionHandlerPHP::saveSession ( \SimpleSAML_Session $session )

Save the current session to the PHP session array.

Parameters

\SimpleSAML_Session $session The session object we should save.

Definition at line 220 of file SessionHandlerPHP.php.

References $_SESSION.

     {
         $_SESSION['SimpleSAMLphp_SESSION'] = serialize($session);
     }

◆ sessionStart()

SimpleSAML\SessionHandlerPHP::sessionStart ( )

private

This method starts a session, making sure no warnings are generated due to headers being already sent.

Definition at line 99 of file SessionHandlerPHP.php.

     {
         $cacheLimiter = session_cache_limiter();
         if (headers_sent()) {
             /*
              * session_start() tries to send HTTP headers depending on the configuration, according to the
              * documentation:
              *
              *      http://php.net/manual/en/function.session-start.php
              *
              * If headers have been already sent, it will then trigger an error since no more headers can be sent.
              * Being unable to send headers does not mean we cannot recover the session by calling session_start(),
              * so we still want to call it. In this case, though, we want to avoid session_start() to send any
              * headers at all so that no error is generated, so we clear the cache limiter temporarily (no headers
              * sent then) and restore it after successfully starting the session.
              */
             session_cache_limiter('');
         }
         session_cache_limiter($cacheLimiter);
         @session_start();
     }

◆ setCookie()

SimpleSAML\SessionHandlerPHP::setCookie	(		$sessionName,
			$sessionID,
		array	$cookieParams = `null`
	)

Set a session cookie.

Parameters

string	$sessionName	The name of the session.
string \| null	$sessionID	The session ID to use. Set to null to delete the cookie.
array \| null	$cookieParams	Additional parameters to use for the session cookie.

Exceptions

Definition at line 326 of file SessionHandlerPHP.php.

References $sessionID.

     {
         if ($cookieParams === null) {
             $cookieParams = session_get_cookie_params();
         }
 
         if ($cookieParams['secure'] && !HTTP::isHTTPS()) {
             throw new CannotSetCookie(
                 'Setting secure cookie on plain HTTP is not allowed.',
                 CannotSetCookie::SECURE_COOKIE
             );
         }
 
         if (headers_sent()) {
             throw new CannotSetCookie(
                 'Headers already sent.',
                 CannotSetCookie::HEADERS_SENT
             );
         }
 
         if (session_id() !== '') {
             // session already started, close it
             session_write_close();
         }
 
         session_set_cookie_params(
             $cookieParams['lifetime'],
             $cookieParams['path'],
             $cookieParams['domain'],
             $cookieParams['secure'],
             $cookieParams['httponly']
         );
 
         session_id($sessionID);
         $this->sessionStart();
     }

Field Documentation

◆ $cookie_name

SimpleSAML\SessionHandlerPHP::$cookie_name

protected

Definition at line 25 of file SessionHandlerPHP.php.

◆ $previous_session

SimpleSAML\SessionHandlerPHP::$previous_session = array()

private

Definition at line 37 of file SessionHandlerPHP.php.

The documentation for this class was generated from the following file:

libs/composer/vendor/simplesamlphp/simplesamlphp/lib/SimpleSAML/SessionHandlerPHP.php

Public Member Functions

Protected Member Functions

Protected Attributes

Private Member Functions

Private Attributes

Additional Inherited Members

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

Member Function Documentation

◆ getCookieParams()

◆ getCookieSessionId()

◆ getSessionCookieName()

◆ hasSessionCookie()

◆ loadSession()

◆ newSessionId()

◆ restorePrevious()

◆ saveSession()

◆ sessionStart()

◆ setCookie()

Field Documentation

◆ $cookie_name

◆ $previous_session