d2/dcf/SessionHandlerPHP_8php_source.html

 <?php

 namespace SimpleSAML;

 use SimpleSAML\Error\CannotSetCookie;
 use SimpleSAML\Utils\HTTP;

 class SessionHandlerPHP extends SessionHandler
 {

     protected $cookie_name;

     private $previous_session = array();


     protected function __construct()
     {
         // call the parent constructor in case it should become necessary in the future
         parent::__construct();

         $config = \SimpleSAML_Configuration::getInstance();
         $this->cookie_name = $config->getString('session.phpsession.cookiename', null);

         if (session_status() === PHP_SESSION_ACTIVE) {
             if (session_name() === $this->cookie_name || $this->cookie_name === null) {
                 Logger::warning(
                     'There is already a PHP session with the same name as SimpleSAMLphp\'s session, or the '.
                     "'session.phpsession.cookiename' configuration option is not set. Make sure to set ".
                     "SimpleSAMLphp's cookie name with a value not used by any other applications."
                 );
             }

             /*
              * We shouldn't have a session at this point, so it might be an application session. Save the details to
              * retrieve it later and commit.
              */
             $this->previous_session['cookie_params'] = session_get_cookie_params();
             $this->previous_session['id'] = session_id();
             $this->previous_session['name'] = session_name();
             session_write_close();
         }

         if (!empty($this->cookie_name)) {
             session_name($this->cookie_name);
         } else {
             $this->cookie_name = session_name();
         }

         $params = $this->getCookieParams();

         if (!headers_sent()) {
             session_set_cookie_params(
                 $params['lifetime'],
                 $params['path'],
                 $params['domain'],
                 $params['secure'],
                 $params['httponly']
             );
         }

         $savepath = $config->getString('session.phpsession.savepath', null);
         if (!empty($savepath)) {
             session_save_path($savepath);
         }
     }


     private function sessionStart()
     {
         $cacheLimiter = session_cache_limiter();
         if (headers_sent()) {
             /*
              * session_start() tries to send HTTP headers depending on the configuration, according to the
              * documentation:
              *
              *      http://php.net/manual/en/function.session-start.php
              *
              * If headers have been already sent, it will then trigger an error since no more headers can be sent.
              * Being unable to send headers does not mean we cannot recover the session by calling session_start(),
              * so we still want to call it. In this case, though, we want to avoid session_start() to send any
              * headers at all so that no error is generated, so we clear the cache limiter temporarily (no headers
              * sent then) and restore it after successfully starting the session.
              */
             session_cache_limiter('');
         }
         session_cache_limiter($cacheLimiter);
         @session_start();
     }


     public function restorePrevious()
     {
         if (empty($this->previous_session)) {
             return; // nothing to do here
         }

         // close our own session
         session_write_close();

         session_name($this->previous_session['name']);
         session_set_cookie_params(
             $this->previous_session['cookie_params']['lifetime'],
             $this->previous_session['cookie_params']['path'],
             $this->previous_session['cookie_params']['domain'],
             $this->previous_session['cookie_params']['secure'],
             $this->previous_session['cookie_params']['httponly']
         );
         session_id($this->previous_session['id']);
         $this->previous_session = array();
         $this->sessionStart();

         /*
          * At this point, we have restored a previously-existing session, so we can't continue to use our session here.
          * Therefore, we need to load our session again in case we need it. We remove this handler from the parent
          * class so that the handler is initialized again if we ever need to do something with the session.
          */
         parent::$sessionHandler = null;
     }


     public function newSessionId()
     {
         // generate new (secure) session id
         $sessionId = bin2hex(openssl_random_pseudo_bytes(16));
         \SimpleSAML_Session::createSession($sessionId);

         return $sessionId;
     }


     public function getCookieSessionId()
     {
         if (!self::hasSessionCookie()) {
             return null; // there's no session cookie, can't return ID
         }

         // do not rely on session_id() as it can return the ID of a previous session. Get it from the cookie instead.
         session_id($_COOKIE[$this->cookie_name]);

         $session_cookie_params = session_get_cookie_params();

         if ($session_cookie_params['secure'] && !HTTP::isHTTPS()) {
             throw new \SimpleSAML_Error_Exception('Session start with secure cookie not allowed on http.');
         }

         $this->sessionStart();
         return session_id();
     }


     public function getSessionCookieName()
     {
         return $this->cookie_name;
     }


     public function saveSession(\SimpleSAML_Session $session)
     {
         $_SESSION['SimpleSAMLphp_SESSION'] = serialize($session);
     }


     public function loadSession($sessionId = null)
     {
         assert(is_string($sessionId) || $sessionId === null);

         if ($sessionId !== null) {
             if (session_id() === '') {
                 // session not initiated with getCookieSessionId(), start session without setting cookie
                 $ret = ini_set('session.use_cookies', '0');
                 if ($ret === false) {
                     throw new \SimpleSAML_Error_Exception('Disabling PHP option session.use_cookies failed.');
                 }

                 session_id($sessionId);
                 $this->sessionStart();
             } elseif ($sessionId !== session_id()) {
                 throw new \SimpleSAML_Error_Exception('Cannot load PHP session with a specific ID.');
             }
         } elseif (session_id() === '') {
             self::getCookieSessionId();
         }

         if (!isset($_SESSION['SimpleSAMLphp_SESSION'])) {
             return null;
         }

         $session = $_SESSION['SimpleSAMLphp_SESSION'];
         assert(is_string($session));

         $session = unserialize($session);

         return ($session !== false) ? $session : null;
     }


     public function hasSessionCookie()
     {
         return array_key_exists($this->cookie_name, $_COOKIE);
     }


     public function getCookieParams()
     {
         $config = \SimpleSAML_Configuration::getInstance();

         $ret = parent::getCookieParams();

         if ($config->hasValue('session.phpsession.limitedpath') && $config->hasValue('session.cookie.path')) {
             throw new \SimpleSAML_Error_Exception(
                 'You cannot set both the session.phpsession.limitedpath and session.cookie.path options.'
             );
         } elseif ($config->hasValue('session.phpsession.limitedpath')) {
             $ret['path'] = $config->getBoolean(
                 'session.phpsession.limitedpath',
                 false
             ) ? $config->getBasePath() : '/';
         }

         $ret['httponly'] = $config->getBoolean('session.phpsession.httponly', true);

         return $ret;
     }


     public function setCookie($sessionName, $sessionID, array $cookieParams = null)
     {
         if ($cookieParams === null) {
             $cookieParams = session_get_cookie_params();
         }

         if ($cookieParams['secure'] && !HTTP::isHTTPS()) {
             throw new CannotSetCookie(
                 'Setting secure cookie on plain HTTP is not allowed.',
                 CannotSetCookie::SECURE_COOKIE
             );
         }

         if (headers_sent()) {
             throw new CannotSetCookie(
                 'Headers already sent.',
                 CannotSetCookie::HEADERS_SENT
             );
         }

         if (session_id() !== '') {
             // session already started, close it
             session_write_close();
         }

         session_set_cookie_params(
             $cookieParams['lifetime'],
             $cookieParams['path'],
             $cookieParams['domain'],
             $cookieParams['secure'],
             $cookieParams['httponly']
         );

         session_id($sessionID);
         $this->sessionStart();
     }
 }
$_COOKIE
$_COOKIE['client_id']
Definition: server.php:9

SimpleSAML\SessionHandler
Definition: SessionHandler.php:17

SimpleSAML\SessionHandlerPHP
Definition: SessionHandlerPHP.php:17

$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10

$config
$config
Definition: bootstrap.php:15

SimpleSAML\SessionHandlerPHP\setCookie
setCookie($sessionName, $sessionID, array $cookieParams=null)
Set a session cookie.
Definition: SessionHandlerPHP.php:326

SimpleSAML_Session\createSession
static createSession($sessionId)
Create a new session and cache it.
Definition: Session.php:416

$sessionID
$sessionID
Definition: authmemcookie.php:36

$session
$session
Definition: proxy_ylocal.php:32

CannotSetCookie

SimpleSAML\Error\CannotSetCookie
Definition: CannotSetCookie.php:11

SimpleSAML_Session
Definition: Session.php:19

SimpleSAML\SessionHandlerPHP\hasSessionCookie
hasSessionCookie()
Check whether the session cookie is set.
Definition: SessionHandlerPHP.php:277

SimpleSAML\SessionHandlerPHP\getCookieSessionId
getCookieSessionId()
Retrieve the session ID saved in the session cookie, if there&#39;s one.
Definition: SessionHandlerPHP.php:184

SimpleSAML\SessionHandlerPHP\saveSession
saveSession(\SimpleSAML_Session $session)
Save the current session to the PHP session array.
Definition: SessionHandlerPHP.php:220

SimpleSAML
Attribute-related utility methods.

SimpleSAML\SessionHandlerPHP\sessionStart
sessionStart()
This method starts a session, making sure no warnings are generated due to headers being already sent...
Definition: SessionHandlerPHP.php:99

SimpleSAML\SessionHandlerPHP\restorePrevious
restorePrevious()
Restore a previously-existing session.
Definition: SessionHandlerPHP.php:132

PHPMailer\PHPMailer\$params
$params
Definition: get_oauth_token.php:84

SimpleSAML\SessionHandlerPHP\$cookie_name
$cookie_name
Definition: SessionHandlerPHP.php:25

SimpleSAML\SessionHandlerPHP\newSessionId
newSessionId()
Create a new session id.
Definition: SessionHandlerPHP.php:167

SimpleSAML\SessionHandlerPHP\getCookieParams
getCookieParams()
Get the cookie parameters that should be used for session cookies.
Definition: SessionHandlerPHP.php:294

$ret
$ret
Definition: parser.php:6

SimpleSAML\SessionHandlerPHP\loadSession
loadSession($sessionId=null)
Load the session from the PHP session array.
Definition: SessionHandlerPHP.php:236

php

SimpleSAML_Configuration\getInstance
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
Definition: Configuration.php:325

SimpleSAML\SessionHandlerPHP\__construct
__construct()
Initialize the PHP session handling.
Definition: SessionHandlerPHP.php:44

HTTP

SimpleSAML\SessionHandlerPHP\getSessionCookieName
getSessionCookieName()
Retrieve the session cookie name.
Definition: SessionHandlerPHP.php:209