145 if (php_sapi_name() ===
'cli' || defined(
'STDIN')) {
146 $this->trackid =
'CL'.bin2hex(openssl_random_pseudo_bytes(4));
154 $this->trackid =
'TR'.bin2hex(openssl_random_pseudo_bytes(4));
156 $this->
transient =
true;
162 $this->sessionId = $sh->getCookieSessionId();
163 if ($this->sessionId ===
null) {
164 $this->sessionId = $sh->newSessionId();
168 $this->sessionId = $sh->newSessionId();
169 $sh->setCookie($sh->getSessionCookieName(), $this->sessionId, $sh->getCookieParams());
172 $this->trackid = bin2hex(openssl_random_pseudo_bytes(5));
179 $checkFunction =
$globalConfig->getArray(
'session.check_function',
null);
180 if (isset($checkFunction)) {
181 assert(is_callable($checkFunction));
182 call_user_func($checkFunction, $this,
true);
197 $serialized =
serialize(get_object_vars($this));
220 foreach ($this->authData as
$authority => $parameters) {
221 if (!array_key_exists(
'RawAttributes', $parameters)) {
225 foreach ($parameters[
'RawAttributes'] as $attribute =>
$values) {
226 foreach (
$values as $idx => $value) {
228 $this->authData[
$authority][
'Attributes'][$attribute][$idx] = $value->element->childNodes;
244 if (isset(self::$instance)) {
252 }
catch (Exception $e) {
262 $cause = $e->getCause();
263 if ($cause instanceof Exception) {
281 if (self::$instance !==
null) {
288 }
catch (\
SimpleSAML\Error\CannotSetCookie $e) {
293 if ($e->getCode() === \
SimpleSAML\Error\CannotSetCookie::SECURE_COOKIE) {
294 throw new \SimpleSAML\Error\CriticalConfigurationError(
331 if (array_key_exists(
$sessionId, self::$sessions)) {
347 'session.authtoken.cookiename',
348 'SimpleSAMLAuthToken'
350 if (!isset(
$_COOKIE[$authTokenCookieName])) {
361 $checkFunction =
$globalConfig->getArray(
'session.check_function',
null);
362 if (isset($checkFunction)) {
363 assert(is_callable($checkFunction));
364 $check = call_user_func($checkFunction,
$session);
365 if ($check !==
true) {
403 if (isset(self::$instance)) {
437 $this->dirty =
false;
438 $this->callback_registered =
false;
443 $sh->saveSession($this);
444 }
catch (Exception $e) {
464 if ($sh instanceof \
SimpleSAML\SessionHandlerPHP) {
465 $sh->restorePrevious();
483 if ($this->callback_registered) {
487 $this->callback_registered = header_register_callback(array($this,
'save'));
556 $this->rememberMeExpire =
$expire;
558 $cookieParams = array(
'expire' => $this->rememberMeExpire);
586 if (
$data ===
null) {
593 if (!isset(
$data[
'AuthnInstant'])) {
594 $data[
'AuthnInstant'] = time();
597 $maxSessionExpire = time() +
$globalConfig->getInteger(
'session.duration', 8 * 60 * 60);
598 if (!isset(
$data[
'Expire']) ||
$data[
'Expire'] > $maxSessionExpire) {
600 $data[
'Expire'] = $maxSessionExpire;
604 foreach (
$data[
'Attributes'] as $attribute =>
$values) {
605 foreach (
$values as $idx => $value) {
606 if (is_string($value) || is_int($value)) {
611 if (!is_a($value,
'DOMNodeList')) {
616 if ($value->length === 0) {
621 $attrval = new \SAML2\XML\saml\AttributeValue($value->item(0)->parentNode);
622 $data[
'RawAttributes'][$attribute][$idx] = $attrval;
631 if (!$this->
transient && (!empty(
$data[
'RememberMe']) || $this->rememberMeExpire) &&
632 $globalConfig->getBoolean(
'session.rememberme.enable',
false)
638 $globalConfig->getString(
'session.authtoken.cookiename',
'SimpleSAMLAuthToken'),
640 $sessionHandler->getCookieParams()
642 }
catch (
SimpleSAML\Error\CannotSetCookie $e) {
648 unset($this->authToken);
677 if (!$this->
isValid($authority) && $this->rememberMeExpire) {
678 $this->rememberMeExpire =
null;
695 if (empty($this->authData[
$authority][
'LogoutHandlers'])) {
705 'Logout handler is not a valid function: '.$classname.
'::'.
715 unset($this->authData[
$authority][
'LogoutHandlers']);
733 ' not valid because we are not authenticated.'
738 if ($this->authData[
$authority][
'Expire'] <= time()) {
759 if ($this->sessionId !==
null) {
760 $sessionHandler->setCookie($sessionHandler->getSessionCookieName(), $this->sessionId,
$params);
765 if ($this->authToken !==
null) {
768 $globalConfig->getString(
'session.authtoken.cookiename',
'SimpleSAMLAuthToken'),
809 $logout_handler = array($classname, $functionname);
811 if (!is_callable($logout_handler)) {
813 'Logout handler is not a vaild function: '.$classname.
'::'.
818 $this->authData[
$authority][
'LogoutHandlers'][] = $logout_handler;
832 assert(is_string(
$type));
833 assert(is_string(
$id));
835 if (!is_array($this->dataStore)) {
839 if (!array_key_exists(
$type, $this->dataStore)) {
843 unset($this->dataStore[
$type][
$id]);
865 assert(is_string(
$type));
866 assert(is_string(
$id));
867 assert(is_int($timeout) || $timeout ===
null || $timeout === self::DATA_TIMEOUT_SESSION_END);
872 if ($timeout ===
null) {
876 $timeout = $configuration->getInteger(
'session.datastore.timeout',
null);
877 if ($timeout !==
null) {
880 'The value of the session.datastore.timeout'.
881 ' configuration option should be a positive integer.'
887 if ($timeout === self::DATA_TIMEOUT_SESSION_END) {
890 $expires = time() + $timeout;
894 'expires' => $expires,
895 'timeout' => $timeout,
899 if (!is_array($this->dataStore)) {
900 $this->dataStore = array();
903 if (!array_key_exists(
$type, $this->dataStore)) {
904 $this->dataStore[
$type] = array();
907 $this->dataStore[
$type][
$id] = $dataInfo;
921 if (!is_array($this->dataStore)) {
927 foreach ($this->dataStore as &$typedData) {
928 foreach ($typedData as
$id =>
$info) {
929 if (
$info[
'expires'] === self::DATA_TIMEOUT_SESSION_END) {
934 if ($ct >
$info[
'expires']) {
935 unset($typedData[
$id]);
954 assert(is_string(
$type));
955 assert(
$id ===
null || is_string(
$id));
963 if (!is_array($this->dataStore)) {
967 if (!array_key_exists(
$type, $this->dataStore)) {
971 if (!array_key_exists(
$id, $this->dataStore[
$type])) {
975 return $this->dataStore[
$type][
$id][
'data'];
993 assert(is_string(
$type));
995 if (!is_array($this->dataStore)) {
999 if (!array_key_exists(
$type, $this->dataStore)) {
1040 return $sh->hasSessionCookie();
1054 assert(is_string(
$idp));
1058 if (!isset($this->associations)) {
1059 $this->associations = array();
1062 if (!isset($this->associations[
$idp])) {
1063 $this->associations[
$idp] = array();
1083 assert(is_string(
$idp));
1085 if (!isset($this->associations)) {
1086 $this->associations = array();
1089 if (!isset($this->associations[
$idp])) {
1093 foreach ($this->associations[
$idp] as
$id => $assoc) {
1094 if (!isset($assoc[
'Expires'])) {
1097 if ($assoc[
'Expires'] >= time()) {
1101 unset($this->associations[
$idp][
$id]);
1104 return $this->associations[
$idp];
1118 assert(is_string(
$idp));
1119 assert(is_string($associationId));
1121 if (!isset($this->associations)) {
1125 if (!isset($this->associations[
$idp])) {
1129 unset($this->associations[
$idp][$associationId]);
1146 assert(is_string(
$name));
1163 $authorities = array();
1164 foreach (array_keys($this->authData) as
$authority) {
1165 if ($this->
isValid($authority)) {
1169 return $authorities;
An exception for terminating execution or to throw for unit testing.
static setTrackId($trackId)
Set the track identifier to use in all logs.
static getSessionHandler()
This function retrieves the current instance of the session handler.
static setCookie($name, $value, $params=null, $throw=true)
Set a cookie.
static generateID()
Generate a random identifier, ID_LENGTH bytes long.
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
updateSessionCookies($params=null)
Update session cookies.
callLogoutHandlers($authority)
This function calls all registered logout handlers.
setAuthorityExpire($authority, $expire=null)
Set the lifetime for an authentication source.
getSessionId()
Retrieve the session ID of this session.
deleteData($type, $id)
Delete data from the data store.
setData($type, $id, $data, $timeout=null)
This function stores data in the data store.
const DATA_TIMEOUT_SESSION_END
This is a timeout value for setData, which indicates that the data should never be deleted,...
unserialize($serialized)
Unserialize a session object and load it.
registerLogoutHandler($authority, $classname, $functionname)
This function registers a logout handler.
expireData()
This function removes expired data from the data store.
addAssociation($idp, array $association)
Add an SP association for an IdP.
terminateAssociation($idp, $associationId)
Remove an SP association for an IdP.
isValid($authority)
Is the session representing an authenticated user, and is the session still alive.
cleanup()
Save the current session and clean any left overs that could interfere with the normal application be...
getAuthData($authority, $name)
Retrieve authentication data.
static getSession($sessionId=null)
Get a session from the session handler.
doLogin($authority, array $data=null)
Marks the user as logged in with the specified authority.
isTransient()
Retrieve whether the session is transient.
__construct($transient=false)
Private constructor that restricts instantiation to either getSessionFromRequest() for the current se...
static $instance
This variable holds the instance of the session - Singleton approach.
__destruct()
Destroy the session.
markDirty()
Mark this session as dirty.
getRememberMeExpire()
Get remember me expire time.
doLogout($authority)
Marks the user as logged out.
serialize()
Serialize this session object.
getTrackID()
Get a unique ID that will be permanent for this session.
hasSessionCookie()
Check whether the session cookie is set.
getDataOfType($type)
This function retrieves all data of the specified type from the data store.
getData($type, $id)
This function retrieves data from the data store.
static getSessionFromRequest()
Retrieves the current session.
setRememberMeExpire($expire=null)
Set remember me expire time.
getAssociations($idp)
Retrieve the associations for an IdP.
static load(SimpleSAML_Session $session)
Load a given session as the current one.
save()
Save the session to the store.
static createSession($sessionId)
Create a new session and cache it.
static useTransientSession()
Use a transient session.
getAuthorities()
Retrieve a list of authorities (authentication sources) that are currently valid within this session.
getAuthState($authority)
Get the current persistent authentication state.
if(!array_key_exists('StateId', $_REQUEST)) $id
if(!isset($associations[$assocId])) $association
Attribute-related utility methods.