ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
SimpleSAML_Session Class Reference

Public Member Functions

 serialize ()
 Serialize this session object. More...
 
 unserialize ($serialized)
 Unserialize a session object and load it. More...
 
 save ()
 Save the session to the store. More...
 
 cleanup ()
 Save the current session and clean up any leftovers that could interfere with the normal application behaviour. More...
 
 markDirty ()
 Mark this session as dirty. More...
 
 __destruct ()
 Destroy the session. More...
 
 getSessionId ()
 Retrieve the session ID of this session. More...
 
 isTransient ()
 Retrieve if session is transient. More...
 
 getTrackID ()
 Get a unique ID that will be permanent for this session. More...
 
 getRememberMeExpire ()
 Get remember me expire time. More...
 
 setRememberMeExpire ($expire=null)
 Set remember me expire time. More...
 
 doLogin ($authority, array $data=null)
 Marks the user as logged in with the specified authority. More...
 
 doLogout ($authority)
 Marks the user as logged out. More...
 
 isValid ($authority)
 Is the session representing an authenticated user, and is the session still alive. More...
 
 updateSessionCookies ($params=null)
 Update session cookies. More...
 
 setAuthorityExpire ($authority, $expire=null)
 Set the lifetime for authentication source. More...
 
 registerLogoutHandler ($authority, $classname, $functionname)
 This function registers a logout handler. More...
 
 deleteData ($type, $id)
 Delete data from the data store. More...
 
 setData ($type, $id, $data, $timeout=null)
 This function stores data in the data store. More...
 
 getData ($type, $id)
 This function retrieves data from the data store. More...
 
 getDataOfType ($type)
 This function retrieves all data of the specified type from the data store. More...
 
 getAuthState ($authority)
 Get the current persistent authentication state. More...
 
 hasSessionCookie ()
 Check whether the session cookie is set. More...
 
 addAssociation ($idp, array $association)
 Add an SP association for an IdP. More...
 
 getAssociations ($idp)
 Retrieve the associations for an IdP. More...
 
 terminateAssociation ($idp, $associationId)
 Remove an SP association for an IdP. More...
 
 getAuthData ($authority, $name)
 Retrieve authentication data. More...
 
 getAuthorities ()
 Retrieve a list of authorities (authentication sources) that are currently valid within this session. More...
 

Static Public Member Functions

static getSessionFromRequest ()
 Retrieves the current session. More...
 
static getSession ($sessionId=null)
 Get a session from the session handler. More...
 
static useTransientSession ()
 Use a transient session. More...
 
static createSession ($sessionId)
 Create a new session and cache it. More...
 

Data Fields

const DATA_TIMEOUT_SESSION_END = 'sessionEndTimeout'
 This is a timeout value for setData, which indicates that the data should never be deleted, i.e. More...
 

Private Member Functions

 __construct ($transient=false)
 Private constructor that restricts instantiation to either getSessionFromRequest() for the current session or getSession() for a specific one. More...
 
 callLogoutHandlers ($authority)
 This function calls all registered logout handlers. More...
 
 expireData ()
 This function removes expired data from the data store. More...
 

Static Private Member Functions

static load (SimpleSAML_Session $session)
 Load a given session as the current one. More...
 

Private Attributes

 $sessionId
 
 $transient = false
 
 $trackid = null
 
 $rememberMeExpire = null
 
 $dirty = false
 
 $callback_registered = false
 
 $dataStore = null
 
 $associations = array()
 
 $authToken
 
 $authData = array()
 

Static Private Attributes

static $sessions = array()
 
static $instance = null
 This variable holds the instance of the session - Singleton approach. More...
 

Detailed Description

Definition at line 19 of file Session.php.

Constructor & Destructor Documentation

◆ __construct()

SimpleSAML_Session::__construct (   $transient = false)
private

Private constructor that restricts instantiation to either getSessionFromRequest() for the current session or getSession() for a specific one.

Parameters
boolean  $transient  Whether to create a transient session or not.

Definition at line 143 of file Session.php.

144 {
145 if (php_sapi_name() === 'cli' || defined('STDIN')) {
146 $this->trackid = 'CL'.bin2hex(openssl_random_pseudo_bytes(4));
147 SimpleSAML\Logger::setTrackId($this->trackid);
148 $this->transient = $transient;
149 return;
150 }
151
152 if ($transient) { // transient session
153 $sh = SimpleSAML\SessionHandler::getSessionHandler();
154 $this->trackid = 'TR'.bin2hex(openssl_random_pseudo_bytes(4));
155 SimpleSAML\Logger::setTrackId($this->trackid);
156 $this->transient = true;
157
158 /*
159 * Initialize the session ID. It might be that we have a session cookie but we couldn't load the session.
160 * If that's the case, use that ID. If not, create a new ID.
161 */
162 $this->sessionId = $sh->getCookieSessionId();
163 if ($this->sessionId === null) {
164 $this->sessionId = $sh->newSessionId();
165 }
166 } else { // regular session
167 $sh = SimpleSAML\SessionHandler::getSessionHandler();
168 $this->sessionId = $sh->newSessionId();
169 $sh->setCookie($sh->getSessionCookieName(), $this->sessionId, $sh->getCookieParams());
170
171
172 $this->trackid = bin2hex(openssl_random_pseudo_bytes(5));
173 SimpleSAML\Logger::setTrackId($this->trackid);
174
175 $this->markDirty();
176
177 // initialize data for session check function if defined
178 $globalConfig = SimpleSAML_Configuration::getInstance();
179 $checkFunction = $globalConfig->getArray('session.check_function', null);
180 if (isset($checkFunction)) {
181 assert(is_callable($checkFunction));
182 call_user_func($checkFunction, $this, true);
183 }
184 }
185 }

References $globalConfig, $transient, SimpleSAML_Configuration\getInstance(), SimpleSAML\SessionHandler\getSessionHandler(), markDirty(), and SimpleSAML\Logger\setTrackId().


◆ __destruct()

SimpleSAML_Session::__destruct ( )

Destroy the session.

Destructor for this class. It will save the session to the session handler in case the session has been marked as dirty. Do nothing otherwise.

Definition at line 497 of file Session.php.

498 {
499 $this->save();
500 }

References save().


Member Function Documentation

◆ addAssociation()

SimpleSAML_Session::addAssociation (   $idp,
array  $association 
)

Add an SP association for an IdP.

This function is only for use by the SimpleSAML_IdP class.

Parameters
string  $idp  The IdP id.
array  $association  The association we should add.

Definition at line 1052 of file Session.php.

1053 {
1054 assert(is_string($idp));
1055 assert(isset($association['id']));
1056 assert(isset($association['Handler']));
1057
1058 if (!isset($this->associations)) {
1059 $this->associations = array();
1060 }
1061
1062 if (!isset($this->associations[$idp])) {
1063 $this->associations[$idp] = array();
1064 }
1065
1066 $this->associations[$idp][$association['id']] = $association;
1067
1068 $this->markDirty();
1069 }

References $association, $idp, and markDirty().


◆ callLogoutHandlers()

SimpleSAML_Session::callLogoutHandlers (   $authority)
private

This function calls all registered logout handlers.

Parameters
string  $authority  The authentication source we are logging out from.
Exceptions
Exception  If the handler is not a valid function or method.

Definition at line 690 of file Session.php.

691 {
692 assert(is_string($authority));
693 assert(isset($this->authData[$authority]));
694
695 if (empty($this->authData[$authority]['LogoutHandlers'])) {
696 return;
697 }
698 foreach ($this->authData[$authority]['LogoutHandlers'] as $handler) {
699 // verify that the logout handler is a valid function
700 if (!is_callable($handler)) {
701 $classname = $handler[0];
702 $functionname = $handler[1];
703
704 throw new Exception(
705 'Logout handler is not a valid function: '.$classname.'::'.
706 $functionname
707 );
708 }
709
710 // call the logout handler
711 call_user_func($handler);
712 }
713
714 // we require the logout handlers to register themselves again if they want to be called later
715 unset($this->authData[$authority]['LogoutHandlers']);
716 }

References $authority, and $handler.

Referenced by doLogout().


◆ cleanup()

SimpleSAML_Session::cleanup ( )

Save the current session and clean up any leftovers that could interfere with the normal application behaviour.

Use this method if you are using PHP sessions in your application and in SimpleSAMLphp, after you are done using SimpleSAMLphp and before trying to access your application's session again.

Definition at line 460 of file Session.php.

461 {
462 $this->save();
463 $sh = \SimpleSAML\SessionHandler::getSessionHandler();
464 if ($sh instanceof \SimpleSAML\SessionHandlerPHP) {
465 $sh->restorePrevious();
466 }
467 }

References SimpleSAML\SessionHandler\getSessionHandler(), and save().


◆ createSession()

static SimpleSAML_Session::createSession (   $sessionId)
static

Create a new session and cache it.

Parameters
string  $sessionId  The new session we should create.

Definition at line 416 of file Session.php.

417 {
418 assert(is_string($sessionId));
419 self::$sessions[$sessionId] = null;
420 }

References $sessionId.

Referenced by SimpleSAML\SessionHandlerCookie\newSessionId(), and SimpleSAML\SessionHandlerPHP\newSessionId().


◆ deleteData()

SimpleSAML_Session::deleteData (   $type,
  $id 
)

Delete data from the data store.

This function immediately deletes the data with the given type and id from the data store.

Parameters
string  $type  The type of the data.
string  $id  The identifier of the data.

Definition at line 830 of file Session.php.

831 {
832 assert(is_string($type));
833 assert(is_string($id));
834
835 if (!is_array($this->dataStore)) {
836 return;
837 }
838
839 if (!array_key_exists($type, $this->dataStore)) {
840 return;
841 }
842
843 unset($this->dataStore[$type][$id]);
844 $this->markDirty();
845 }

References $id, $type, and markDirty().


◆ doLogin()

SimpleSAML_Session::doLogin (   $authority,
array  $data = null 
)

Marks the user as logged in with the specified authority.

If the user already has logged in, the user will be logged out first.

Parameters
string  $authority  The authority the user logged in with.
array|null  $data  The authentication data for this authority.
Exceptions
SimpleSAML\Error\CannotSetCookie  If the authentication token cannot be set for some reason.

Definition at line 572 of file Session.php.

573 {
574 assert(is_string($authority));
575 assert(is_array($data) || $data === null);
576
577 SimpleSAML\Logger::debug('Session: doLogin("'.$authority.'")');
578
579 $this->markDirty();
580
581 if (isset($this->authData[$authority])) {
582 // we are already logged in, log the user out first
583 $this->doLogout($authority);
584 }
585
586 if ($data === null) {
587 $data = array();
588 }
589
590 $data['Authority'] = $authority;
591
592 $globalConfig = SimpleSAML_Configuration::getInstance();
593 if (!isset($data['AuthnInstant'])) {
594 $data['AuthnInstant'] = time();
595 }
596
597 $maxSessionExpire = time() + $globalConfig->getInteger('session.duration', 8 * 60 * 60);
598 if (!isset($data['Expire']) || $data['Expire'] > $maxSessionExpire) {
599 // unset, or beyond our session lifetime. Clamp it to our maximum session lifetime
600 $data['Expire'] = $maxSessionExpire;
601 }
602
603 // check if we have non-serializable attribute values
604 foreach ($data['Attributes'] as $attribute => $values) {
605 foreach ($values as $idx => $value) {
606 if (is_string($value) || is_int($value)) {
607 continue;
608 }
609
610 // at this point, this should be a DOMNodeList object...
611 if (!is_a($value, 'DOMNodeList')) {
612 continue;
613 }
614
615 /* @var \DOMNodeList $value */
616 if ($value->length === 0) {
617 continue;
618 }
619
620 // create an AttributeValue object and save it to 'RawAttributes', using same attribute name and index
621 $attrval = new \SAML2\XML\saml\AttributeValue($value->item(0)->parentNode);
622 $data['RawAttributes'][$attribute][$idx] = $attrval;
623 }
624 }
625
626 $this->authData[$authority] = $data;
627
628 $this->authToken = SimpleSAML\Utils\Random::generateID();
629 $sessionHandler = SimpleSAML\SessionHandler::getSessionHandler();
630
631 if (!$this->transient && (!empty($data['RememberMe']) || $this->rememberMeExpire) &&
632 $globalConfig->getBoolean('session.rememberme.enable', false)
633 ) {
634 $this->setRememberMeExpire();
635 } else {
636 try {
637 SimpleSAML\Utils\HTTP::setCookie(
638 $globalConfig->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'),
639 $this->authToken,
640 $sessionHandler->getCookieParams()
641 );
642 } catch (SimpleSAML\Error\CannotSetCookie $e) {
643 /*
644 * Something went wrong when setting the auth token. We cannot recover from this, so we better log a
645 * message and throw an exception. The user is not properly logged in anyway, so clear all login
646 * information from the session.
647 */
648 unset($this->authToken);
649 unset($this->authData[$authority]);
650 \SimpleSAML\Logger::error('Cannot set authentication token cookie: '.$e->getMessage());
651 throw $e;
652 }
653 }
654 }

References $authority, $data, $globalConfig, $values, SimpleSAML\Logger\debug(), doLogout(), SimpleSAML\Logger\error(), SimpleSAML\Utils\Random\generateID(), SimpleSAML_Configuration\getInstance(), SimpleSAML\SessionHandler\getSessionHandler(), markDirty(), SimpleSAML\Utils\HTTP\setCookie(), and setRememberMeExpire().


◆ doLogout()

SimpleSAML_Session::doLogout (   $authority)

Marks the user as logged out.

This function will call any registered logout handlers before marking the user as logged out.

Parameters
string  $authority  The authentication source we are logging out of.

Definition at line 663 of file Session.php.

664 {
665 SimpleSAML\Logger::debug('Session: doLogout('.var_export($authority, true).')');
666
667 if (!isset($this->authData[$authority])) {
668 SimpleSAML\Logger::debug('Session: Already logged out of '.$authority.'.');
669 return;
670 }
671
672 $this->markDirty();
673
674 $this->callLogoutHandlers($authority);
675 unset($this->authData[$authority]);
676
677 if (!$this->isValid($authority) && $this->rememberMeExpire) {
678 $this->rememberMeExpire = null;
679 $this->updateSessionCookies();
680 }
681 }

References $authority, callLogoutHandlers(), SimpleSAML\Logger\debug(), isValid(), markDirty(), and updateSessionCookies().

Referenced by doLogin().


◆ expireData()

SimpleSAML_Session::expireData ( )
private

This function removes expired data from the data store.

Note that this function doesn't mark the session object as dirty. This means that if the only change to the session object is that some data has expired, it will not be written back to the session store.

Definition at line 919 of file Session.php.

920 {
921 if (!is_array($this->dataStore)) {
922 return;
923 }
924
925 $ct = time();
926
927 foreach ($this->dataStore as &$typedData) {
928 foreach ($typedData as $id => $info) {
929 if ($info['expires'] === self::DATA_TIMEOUT_SESSION_END) {
930 // this data never expires
931 continue;
932 }
933
934 if ($ct > $info['expires']) {
935 unset($typedData[$id]);
936 }
937 }
938 }
939 }

References $id, and $info.

Referenced by getData(), and setData().


◆ getAssociations()

SimpleSAML_Session::getAssociations (   $idp)

Retrieve the associations for an IdP.

This function is only for use by the SimpleSAML_IdP class.

Parameters
string  $idp  The IdP id.
Returns
array  The IdP associations.

Definition at line 1081 of file Session.php.

1082 {
1083 assert(is_string($idp));
1084
1085 if (!isset($this->associations)) {
1086 $this->associations = array();
1087 }
1088
1089 if (!isset($this->associations[$idp])) {
1090 return array();
1091 }
1092
1093 foreach ($this->associations[$idp] as $id => $assoc) {
1094 if (!isset($assoc['Expires'])) {
1095 continue;
1096 }
1097 if ($assoc['Expires'] >= time()) {
1098 continue;
1099 }
1100
1101 unset($this->associations[$idp][$id]);
1102 }
1103
1104 return $this->associations[$idp];
1105 }

References $id, and $idp.

◆ getAuthData()

SimpleSAML_Session::getAuthData (   $authority,
  $name 
)

Retrieve authentication data.

Parameters
string  $authority  The authentication source we should retrieve data from.
string  $name  The name of the data we should retrieve.
Returns
mixed  The value, or null if the value wasn't found.

Definition at line 1143 of file Session.php.

1144 {
1145 assert(is_string($authority));
1146 assert(is_string($name));
1147
1148 if (!isset($this->authData[$authority][$name])) {
1149 return null;
1150 }
1151 return $this->authData[$authority][$name];
1152 }

References $authority, and $name.

◆ getAuthorities()

SimpleSAML_Session::getAuthorities ( )

Retrieve a list of authorities (authentication sources) that are currently valid within this session.

Returns
array  An array containing every authority currently valid (i.e. for which isValid() returns true). Empty if none is available.

Definition at line 1161 of file Session.php.

1162 {
1163 $authorities = array();
1164 foreach (array_keys($this->authData) as $authority) {
1165 if ($this->isValid($authority)) {
1166 $authorities[] = $authority;
1167 }
1168 }
1169 return $authorities;
1170 }

References $authority, and isValid().


◆ getAuthState()

SimpleSAML_Session::getAuthState (   $authority)

Get the current persistent authentication state.

Parameters
string  $authority  The authority to retrieve the data from.
Returns
array|null  The current persistent authentication state, or null if not authenticated with this authority. Note that the state is returned even if its 'Expire' time has passed; use isValid() to check that.

Definition at line 1018 of file Session.php.

1019 {
1020 assert(is_string($authority));
1021
1022 if (!isset($this->authData[$authority])) {
1023 return null;
1024 }
1025
1026 return $this->authData[$authority];
1027 }

References $authority.

◆ getData()

SimpleSAML_Session::getData (   $type,
  $id 
)

This function retrieves data from the data store.

Note that this will not change when the data stored in the data store will expire. If that is required, the data should be written back with setData.

Parameters
string  $type  The type of the data. This must match the type used when adding the data.
string|null  $id  The identifier of the data. Can be null, in which case null will be returned.
Returns
mixed  The data of the given type with the given id, or null if the data doesn't exist in the data store.

Definition at line 952 of file Session.php.

953 {
954 assert(is_string($type));
955 assert($id === null || is_string($id));
956
957 if ($id === null) {
958 return null;
959 }
960
961 $this->expireData();
962
963 if (!is_array($this->dataStore)) {
964 return null;
965 }
966
967 if (!array_key_exists($type, $this->dataStore)) {
968 return null;
969 }
970
971 if (!array_key_exists($id, $this->dataStore[$type])) {
972 return null;
973 }
974
975 return $this->dataStore[$type][$id]['data'];
976 }

References $id, $type, and expireData().


◆ getDataOfType()

SimpleSAML_Session::getDataOfType (   $type)

This function retrieves all data of the specified type from the data store.

The data will be returned as an associative array with the id of the data as the key, and the data as the value of each key. The value will be stored as a copy of the original data. setData must be used to update the data.

An empty array will be returned if no data of the given type is found.

Parameters
string  $type  The type of the data.
Returns
array  An associative array with all data of the given type.

Definition at line 991 of file Session.php.

992 {
993 assert(is_string($type));
994
995 if (!is_array($this->dataStore)) {
996 return array();
997 }
998
999 if (!array_key_exists($type, $this->dataStore)) {
1000 return array();
1001 }
1002
1003 $ret = array();
1004 foreach ($this->dataStore[$type] as $id => $info) {
1005 $ret[$id] = $info['data'];
1006 }
1007
1008 return $ret;
1009 }

References $id, $info, $ret, and $type.

◆ getRememberMeExpire()

SimpleSAML_Session::getRememberMeExpire ( )

Get remember me expire time.

Returns
integer|null The remember me expire time.

Definition at line 538 of file Session.php.

539 {
540 return $this->rememberMeExpire;
541 }

References $rememberMeExpire.

◆ getSession()

static SimpleSAML_Session::getSession (   $sessionId = null)
static

Get a session from the session handler.

Parameters
string|null  $sessionId  The session we should get, or null to get the current session.
Returns
SimpleSAML_Session|null  The session that is stored in the session handler, or null if the session wasn't found.

Definition at line 315 of file Session.php.

316 {
317 assert(is_string($sessionId) || $sessionId === null);
318
319 $sh = SimpleSAML\SessionHandler::getSessionHandler();
320
321 if ($sessionId === null) {
322 $checkToken = true;
323 $sessionId = $sh->getCookieSessionId();
324 if ($sessionId === null) {
325 return null;
326 }
327 } else {
328 $checkToken = false;
329 }
330
331 if (array_key_exists($sessionId, self::$sessions)) {
332 return self::$sessions[$sessionId];
333 }
334
335 $session = $sh->loadSession($sessionId);
336 if ($session === null) {
337 return null;
338 }
339
340 assert($session instanceof self);
341
342 if ($checkToken) {
343 $globalConfig = SimpleSAML_Configuration::getInstance();
344
345 if ($session->authToken !== null) {
346 $authTokenCookieName = $globalConfig->getString(
347 'session.authtoken.cookiename',
348 'SimpleSAMLAuthToken'
349 );
350 if (!isset($_COOKIE[$authTokenCookieName])) {
351 SimpleSAML\Logger::warning('Missing AuthToken cookie.');
352 return null;
353 }
354 if (!SimpleSAML\Utils\Crypto::secureCompare($session->authToken, $_COOKIE[$authTokenCookieName])) {
355 SimpleSAML\Logger::warning('Invalid AuthToken cookie.');
356 return null;
357 }
358 }
359
360 // run session check function if defined
361 $checkFunction = $globalConfig->getArray('session.check_function', null);
362 if (isset($checkFunction)) {
363 assert(is_callable($checkFunction));
364 $check = call_user_func($checkFunction, $session);
365 if ($check !== true) {
366 SimpleSAML\Logger::warning('Session did not pass check function.');
367 return null;
368 }
369 }
370 }
371
372 self::$sessions[$sessionId] = $session;
373
374 return $session;
375 }

References $_COOKIE, $globalConfig, $session, $sessionId, SimpleSAML_Configuration\getInstance(), SimpleSAML\SessionHandler\getSessionHandler(), and SimpleSAML\Logger\warning().

Referenced by getSessionFromRequest().


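Two things in getSession() matter for session security. First, the session cookie alone is not enough to resume an authenticated session: once doLogin() has run, the session carries an authToken, and the matching SimpleSAMLAuthToken cookie is compared with Crypto::secureCompare() (constant time) on every load. Both cookies still travel with the browser, though, so a stolen pair is as good as the original. Second, session.check_function is the hook for binding the session to something beyond cookies: the constructor calls it with a second argument true right after a regular session is created, getSession() calls it with the loaded session only, and anything but a strict true causes the session to be rejected. The following is an added example, not code from SimpleSAMLphp or ILIAS: a check function that records a client fingerprint when the session is created and verifies it on every load. The class name, the data-store type 'myapp:binding' and the fingerprint recipe are this example's own choices.

```php
<?php
// Added example (not SimpleSAMLphp/ILIAS code): a session.check_function hook.
//
// config/config.php:
//   'session.check_function' => array('MyApp_SessionBinding', 'check'),
//
// MyApp_SessionBinding, the data type 'myapp:binding' and the fingerprint
// recipe below are assumptions made for this example.

class MyApp_SessionBinding
{
    const DATA_TYPE = 'myapp:binding';
    const DATA_ID   = 'fingerprint';

    /**
     * Called by SimpleSAML_Session::__construct() with $init = true directly
     * after a regular (non-transient) session is created, and by
     * SimpleSAML_Session::getSession() with $init = false each time a stored
     * session is loaded for the current request. Must return exactly true
     * for the loaded session to be accepted.
     */
    public static function check(SimpleSAML_Session $session, $init = false)
    {
        $fingerprint = self::fingerprint();

        if ($init) {
            // Keep the fingerprint for the whole life of the session: with
            // DATA_TIMEOUT_SESSION_END, expireData() never removes it.
            $session->setData(
                self::DATA_TYPE,
                self::DATA_ID,
                $fingerprint,
                SimpleSAML_Session::DATA_TIMEOUT_SESSION_END
            );
            return true;
        }

        $stored = $session->getData(self::DATA_TYPE, self::DATA_ID);
        if ($stored === null) {
            // Session created before this hook was enabled, or data removed:
            // fail closed rather than silently accept it.
            SimpleSAML\Logger::warning('Session binding: no fingerprint stored.');
            return false;
        }

        // Same constant-time helper getSession() uses for the auth token.
        if (!SimpleSAML\Utils\Crypto::secureCompare($stored, $fingerprint)) {
            SimpleSAML\Logger::warning('Session binding: fingerprint mismatch.');
            return false;
        }
        return true;
    }

    /**
     * Hash of the client's network and User-Agent. For IPv4 only the first
     * two octets are used so that clients roaming inside one provider's
     * range keep their session; IPv6 addresses are used as-is (simplification).
     */
    private static function fingerprint()
    {
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

        $net = (strpos($ip, ':') === false)
            ? implode('.', array_slice(explode('.', $ip), 0, 2))
            : $ip;

        return hash('sha256', $net.'|'.$ua);
    }
}
```

When the check fails, getSession() returns null and getSessionFromRequest() creates a fresh session (calling the hook again with $init = true), so a client presenting someone else's cookies simply ends up unauthenticated rather than receiving an error. Remember that the hook also runs for sessions that are not logged in yet, and that sessions created before the hook was configured will be rejected on first load.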
◆ getSessionFromRequest()

static SimpleSAML_Session::getSessionFromRequest ( )
static

Retrieves the current session.

Creates a new session if there's not one.

Returns
SimpleSAML_Session  The current session.
Exceptions
Exception  When the session couldn't be initialized and the session fallback is disabled by configuration.

Definition at line 241 of file Session.php.

242 {
243 // check if we already have initialized the session
244 if (isset(self::$instance)) {
245 return self::$instance;
246 }
247
248 // check if we have stored a session stored with the session handler
249 $session = null;
250 try {
251 $session = self::getSession();
252 } catch (Exception $e) {
253 /*
254 * For some reason, we were unable to initialize this session. Note that this error might be temporary, and
255 * it's possible that we can recover from it in subsequent requests, so we should not try to create a new
256 * session here. Therefore, use just a transient session and throw the exception for someone else to handle
257 * it.
258 */
259 SimpleSAML\Logger::error('Error loading session: '.$e->getMessage());
260 self::useTransientSession();
261 if ($e instanceof SimpleSAML_Error_Exception) {
262 $cause = $e->getCause();
263 if ($cause instanceof Exception) {
264 throw $cause;
265 }
266 }
267 throw $e;
268 }
269
270 // if getSession() found it, use it
271 if ($session instanceof SimpleSAML_Session) {
272 return self::load($session);
273 }
274
275 /*
276 * We didn't have a session loaded when we started, but we have it now. At this point, getSession() failed but
277 * it must have triggered the creation of a session at some point during the process (e.g. while logging an
278 * error message). This means we don't need to create a new session again, we can use the one that's loaded now
279 * instead.
280 */
281 if (self::$instance !== null) {
282 return self::$instance;
283 }
284
285 // try to create a new session
286 try {
287 self::load(new SimpleSAML_Session());
288 } catch (\SimpleSAML\Error\CannotSetCookie $e) {
289 // can't create a regular session because we can't set cookies. Use transient.
290 $c = SimpleSAML_Configuration::getInstance();
291 self::useTransientSession();
292
293 if ($e->getCode() === \SimpleSAML\Error\CannotSetCookie::SECURE_COOKIE) {
294 throw new \SimpleSAML\Error\CriticalConfigurationError(
295 $e->getMessage(),
296 null,
297 $c->toArray()
298 );
299 }
300 SimpleSAML\Logger::error('Error creating session: '.$e->getMessage());
301 }
302
303 // we must have a session now, either regular or transient
304 return self::$instance;
305 }

References $c, $instance, $session, SimpleSAML\Logger\error(), SimpleSAML_Configuration\getInstance(), getSession(), load(), and useTransientSession().

Referenced by SimpleSAML_XHTML_IdPDisco\__construct(), SimpleSAML_IdP\addAssociation(), SimpleSAML_Auth_Source\addLogoutCallback(), sspmod_saml_SP_LogoutStore\addSession(), sspmod_negotiate_Auth_Source_Negotiate\authenticate(), SimpleSAML_Auth_Source\callLogoutCallback(), SimpleSAML_Utilities\createHttpPostRedirectLink(), sspmod_multiauth_Auth_Source_MultiAuth\delegateAuthentication(), SimpleSAML\Logger\flush(), SimpleSAML_IdP\getAssociations(), ilSimpleSAMLphpWrapper\getParam(), SimpleSAML\Utils\HTTP\getSecurePOSTRedirectURL(), SimpleSAML_IdP\handleLogoutRequest(), SimpleSAML_IdP\handleLogoutResponse(), sspmod_saml_Auth_Source_SP\handleUnsolicitedAuth(), SimpleSAML_Auth_Default\initLogoutReturn(), SimpleSAML\Utils\Auth\isAdmin(), SimpleSAML_Auth_State\loadState(), SimpleSAML_Auth_Source\loginCompleted(), sspmod_multiauth_Auth_Source_MultiAuth\logout(), sspmod_negotiate_Auth_Source_Negotiate\logout(), SimpleSAML_Auth_Source\logoutCallback(), ilSimpleSAMLphpWrapper\popParam(), SimpleSAML_IdP\postAuth(), SimpleSAML_IdP\postAuthProc(), sspmod_core_Auth_Process_ExtendIdPSession\process(), SimpleSAML_Auth_Source\reauthenticate(), sspmod_saml_Auth_Source_SP\reauthenticate(), sspmod_saml_Auth_Source_SP\reauthPostLogin(), SimpleSAML_Error_Error\saveError(), SimpleSAML_Auth_State\saveState(), SimpleSAML_Error_Error\show(), ilSimpleSAMLphpWrapper\storeParam(), and SimpleSAML_IdP\terminateAssociation().


◆ getSessionId()

SimpleSAML_Session::getSessionId ( )

Retrieve the session ID of this session.

Returns
string|null  The session ID. Note that the constructor also assigns an ID to transient sessions (reusing the one from the session cookie if present), so null is only returned for sessions created from the CLI, which never get an ID.

Definition at line 507 of file Session.php.

508 {
509 return $this->sessionId;
510 }

References $sessionId.

◆ getTrackID()

SimpleSAML_Session::getTrackID ( )

Get a unique ID that will be permanent for this session.

Used for debugging and tracing log files related to a session.

Returns
string|null The unique ID.

Definition at line 528 of file Session.php.

529 {
530 return $this->trackid;
531 }

References $trackid.

◆ hasSessionCookie()

SimpleSAML_Session::hasSessionCookie ( )

Check whether the session cookie is set.

This function will only return false if it is certain that the cookie isn't set.

Returns
bool true if it was set, false if not.

Definition at line 1037 of file Session.php.

1038 {
1039 $sh = \SimpleSAML\SessionHandler::getSessionHandler();
1040 return $sh->hasSessionCookie();
1041 }

References SimpleSAML\SessionHandler\getSessionHandler().


◆ isTransient()

SimpleSAML_Session::isTransient ( )

Retrieve if session is transient.

Returns
boolean The session transient flag.

Definition at line 517 of file Session.php.

518 {
519 return $this->transient;
520 }

References $transient.

Referenced by markDirty().


◆ isValid()

SimpleSAML_Session::isValid (   $authority)

Is the session representing an authenticated user, and is the session still alive.

This function will return false after the user has timed out.

Parameters
string  $authority  The authentication source that the user should be authenticated with.
Returns
bool  true if the user has a valid session, false if not.

Definition at line 726 of file Session.php.

727 {
728 assert(is_string($authority));
729
730 if (!isset($this->authData[$authority])) {
731 SimpleSAML\Logger::debug(
732 'Session: '.var_export($authority, true).
733 ' not valid because we are not authenticated.'
734 );
735 return false;
736 }
737
738 if ($this->authData[$authority]['Expire'] <= time()) {
739 SimpleSAML\Logger::debug('Session: '.var_export($authority, true).' not valid because it is expired.');
740 return false;
741 }
742
743 SimpleSAML\Logger::debug('Session: Valid session found with '.var_export($authority, true).'.');
744
745 return true;
746 }

References $authority, and SimpleSAML\Logger\debug().

Referenced by doLogout(), and getAuthorities().


◆ load()

static SimpleSAML_Session::load ( SimpleSAML_Session  $session)
staticprivate

Load a given session as the current one.

This method will also set the track ID in the logger to the one in the given session.

Warning: never set self::$instance yourself, call this method instead.

Parameters
SimpleSAML_Session  $session  The session to load.
Returns
SimpleSAML_Session  The session we just loaded, just for convenience.

Definition at line 388 of file Session.php.

389 {
390 SimpleSAML\Logger::setTrackId($session->getTrackID());
391 self::$instance = $session;
392 return self::$instance;
393 }

References $instance, $session, and SimpleSAML\Logger\setTrackId().

Referenced by getSessionFromRequest(), and useTransientSession().


◆ markDirty()

SimpleSAML_Session::markDirty ( )

Mark this session as dirty.

This method registers, through header_register_callback(), a callback that saves the session right before the response headers are sent, i.e. before any output reaches the browser. Transient sessions are never saved, so marking one dirty is a no-op. The callback is registered only once per object; later calls just set the dirty flag again.

Definition at line 475 of file Session.php.

{
    if ($this->isTransient()) {
        return;
    }

    $this->dirty = true;

    if ($this->callback_registered) {
        // we already have a shutdown callback registered for this object, no need to add another one
        return;
    }
    $this->callback_registered = header_register_callback(array($this, 'save'));
}

References isTransient().

Referenced by __construct(), addAssociation(), deleteData(), doLogin(), doLogout(), registerLogoutHandler(), setAuthorityExpire(), setData(), and terminateAssociation().


◆ registerLogoutHandler()

SimpleSAML_Session::registerLogoutHandler ($authority, $classname, $functionname)

This function registers a logout handler.

The handler is stored in the session's authentication data for $authority as the pair array($classname, $functionname), so it is serialized together with the session and resolved by name at logout time. It must therefore be callable statically (a class name plus a static method); is_callable() is evaluated only once, at registration. The method asserts that $authority is currently logged in.

Parameters
    string $authority     The authority for which to register the handler.
    string $classname     The class which contains the logout handler.
    string $functionname  The logout handler function.
Exceptions
    Exception  If the handler is not a valid function or method.

Definition at line 805 of file Session.php.

{
    assert(isset($this->authData[$authority]));

    $logout_handler = array($classname, $functionname);

    if (!is_callable($logout_handler)) {
        throw new Exception(
            'Logout handler is not a valid function: '.$classname.'::'.
            $functionname
        );
    }

    $this->authData[$authority]['LogoutHandlers'][] = $logout_handler;
    $this->markDirty();
}

References $authority, and markDirty().
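A usage example, added here and not SimpleSAMLphp or ILIAS code: registering a static logout handler on the current session. getSessionFromRequest(), isValid() and registerLogoutHandler() are the class's own methods; the handler class, the authority name 'example-sp' and the cleanup it performs are invented for the example.

```php
<?php
// Added example, not SimpleSAMLphp or ILIAS code: registering a static logout
// handler on the current session. getSessionFromRequest(), isValid() and
// registerLogoutHandler() are the class's own methods; the handler class, the
// authority name 'example-sp' and the cleanup it performs are invented here.

class ExampleLogoutHandler
{
    // The handler is stored as array('ExampleLogoutHandler', 'onLogout') inside
    // the serialized session and resolved by name at logout, so it must be a
    // static method: no object instance survives a round trip through the store.
    public static function onLogout()
    {
        // Hypothetical cleanup of application state tied to this login. Keep it
        // idempotent; logout normally happens in a later request than the login.
        error_log('example-sp: logout handler executed');
    }
}

function example_register_logout_handler()
{
    $session = SimpleSAML_Session::getSessionFromRequest();

    // registerLogoutHandler() only asserts that the authority is logged in;
    // checking isValid() first also rejects an already expired authority.
    if (!$session->isValid('example-sp')) {
        throw new RuntimeException('example-sp is not authenticated in this session');
    }

    // is_callable() is evaluated once, here. The class must still be loadable
    // (autoloader or explicit require) in the request that performs the logout,
    // otherwise the stored handler cannot be invoked.
    $session->registerLogoutHandler('example-sp', 'ExampleLogoutHandler', 'onLogout');
}

example_register_logout_handler();
```

The isValid() check before registration matters because the assertion inside registerLogoutHandler() only tests for the presence of authentication data, which an expired authority still has.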


◆ save()

SimpleSAML_Session::save ( )

Save the session to the store.

This method saves the session to the session handler in case it has been marked as dirty. The dirty and callback flags are cleared before the handler is called, so a failing save is written to the error log but not retried.

WARNING: please do not use this method directly unless you really need to and know what you are doing. Use markDirty() instead.

Definition at line 430 of file Session.php.

{
    if (!$this->dirty) {
        // session hasn't changed, don't bother saving it
        return;
    }

    $this->dirty = false;
    $this->callback_registered = false;

    $sh = SimpleSAML\SessionHandler::getSessionHandler();

    try {
        $sh->saveSession($this);
    } catch (Exception $e) {
        if (!($e instanceof SimpleSAML_Error_Exception)) {
            // wrap foreign exceptions so that logError() below is available
            $e = new SimpleSAML_Error_UnserializableException($e);
        }
        SimpleSAML\Logger::error('Unable to save session.');
        $e->logError();
    }
}

References SimpleSAML\Logger\error(), and SimpleSAML\SessionHandler\getSessionHandler().

Referenced by __destruct(), and cleanup().


◆ serialize()

SimpleSAML_Session::serialize ( )

Serialize this session object.

PHP invokes this method whenever the session object is passed to serialize(); it is the counterpart of unserialize() below. All properties of the object, private ones included, are serialized via get_object_vars().

Returns
    string  The serialized representation of this session object.

Definition at line 195 of file Session.php.

{
    $serialized = serialize(get_object_vars($this));
    return $serialized;
}

References serialize().

Referenced by serialize().


◆ setAuthorityExpire()

SimpleSAML_Session::setAuthorityExpire ($authority, $expire = null)

Set the expiry time for an authentication source.

Parameters
    string $authority  The authentication source we are setting the expire time for.
    int|null $expire   Unix timestamp at which the authority stops being valid (this is the value isValid() compares against time()), not a number of seconds. When null, time() plus the configured 'session.duration' (default 8 hours) is used.

Definition at line 781 of file Session.php.

{
    assert(isset($this->authData[$authority]));
    assert(is_int($expire) || $expire === null);

    $this->markDirty();

    if ($expire === null) {
        $globalConfig = SimpleSAML_Configuration::getInstance();
        $expire = time() + $globalConfig->getInteger('session.duration', 8 * 60 * 60);
    }

    $this->authData[$authority]['Expire'] = $expire;
}

References $authority, $expire, $globalConfig, SimpleSAML_Configuration\getInstance(), and markDirty().


◆ setData()

SimpleSAML_Session::setData ($type, $id, $data, $timeout = null)

This function stores data in the data store.

The timeout value can be SimpleSAML_Session::DATA_TIMEOUT_SESSION_END, which means the entry never expires on its own and lives for the whole session lifetime ('expires' is stored as null). Any other timeout is a sliding one, counted from the entry's last access. Note that the positive-integer check applies only to the configured default: a caller-supplied $timeout is merely asserted to be an int. The 4-hour default mentioned below comes from the configuration template; the code itself falls back to null when 'session.datastore.timeout' is not configured, which makes the stored expiry time() itself.

Parameters
    string $type       The type of the data. This is checked when retrieving data from the store.
    string $id         The identifier of the data.
    mixed $data        The data.
    int|null $timeout  The number of seconds this data should be stored after its last access. This parameter is optional. The default value is set in 'session.datastore.timeout', and the default is 4 hours.
Exceptions
    Exception  If the default timeout configured in 'session.datastore.timeout' is not a positive integer (the only exception the method itself raises).

Definition at line 863 of file Session.php.

{
    assert(is_string($type));
    assert(is_string($id));
    assert(is_int($timeout) || $timeout === null || $timeout === self::DATA_TIMEOUT_SESSION_END);

    // clean out old data
    $this->expireData();

    if ($timeout === null) {
        // use the default timeout
        $configuration = SimpleSAML_Configuration::getInstance();

        $timeout = $configuration->getInteger('session.datastore.timeout', null);
        if ($timeout !== null) {
            if ($timeout <= 0) {
                throw new Exception(
                    'The value of the session.datastore.timeout'.
                    ' configuration option should be a positive integer.'
                );
            }
        }
    }

    if ($timeout === self::DATA_TIMEOUT_SESSION_END) {
        $expires = null;
    } else {
        $expires = time() + $timeout;
    }

    $dataInfo = array(
        'expires' => $expires,
        'timeout' => $timeout,
        'data' => $data
    );

    if (!is_array($this->dataStore)) {
        $this->dataStore = array();
    }

    if (!array_key_exists($type, $this->dataStore)) {
        $this->dataStore[$type] = array();
    }

    $this->dataStore[$type][$id] = $dataInfo;

    $this->markDirty();
}

References $data, $id, $type, DATA_TIMEOUT_SESSION_END, expireData(), SimpleSAML_Configuration\getInstance(), and markDirty().
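A usage example, added here and not SimpleSAMLphp or ILIAS code: the data store used as a per-session, one-time token store with a bounded sliding timeout, next to an entry pinned for the whole session lifetime. setData(), getData() and deleteData() are the class's own methods; the type names, the token format, the 600-second limit and the assumption that getData() returns null for a missing or expired entry (its body is not shown on this page) are this example's.

```php
<?php
// Added usage example, not SimpleSAMLphp or ILIAS code: the session data store
// as a per-session, one-time token store. setData(), getData() and
// deleteData() are the class's own methods. The type names, the token format,
// the 600-second limit and the assumption that getData() returns null for a
// missing or expired entry (its behaviour is not shown on this page) are this
// example's.

const EXAMPLE_NONCE_TYPE = 'example:nonce';   // $type is checked again on retrieval
const EXAMPLE_NONCE_TTL  = 600;               // seconds, counted from the last access

// Issue a nonce bound to the current session and return its id for the client.
function example_issue_nonce(SimpleSAML_Session $session, array $context)
{
    $id = bin2hex(random_bytes(16));
    // An explicit int timeout bypasses session.datastore.timeout entirely.
    $session->setData(
        EXAMPLE_NONCE_TYPE,
        $id,
        array('context' => $context, 'issued' => time()),
        EXAMPLE_NONCE_TTL
    );
    return $id;
}

// Consume a nonce exactly once; returns the stored context, or null on any failure.
function example_consume_nonce(SimpleSAML_Session $session, $id)
{
    // Validate the client-supplied id before it is used as a store key.
    if (!is_string($id) || !preg_match('/^[0-9a-f]{32}$/', $id)) {
        return null;
    }
    $record = $session->getData(EXAMPLE_NONCE_TYPE, $id);
    if ($record === null) {
        return null;                               // unknown, expired or already used
    }
    // Delete before acting on it so a replay within the same session finds nothing.
    $session->deleteData(EXAMPLE_NONCE_TYPE, $id);
    return $record['context'];
}

// State that must live exactly as long as the login: no sliding timeout at all.
function example_pin_for_session(SimpleSAML_Session $session, $id, $value)
{
    $session->setData('example:pinned', $id, $value, SimpleSAML_Session::DATA_TIMEOUT_SESSION_END);
}

// Typical flow inside a SimpleSAMLphp request:
$session = SimpleSAML_Session::getSessionFromRequest();
$nonce   = example_issue_nonce($session, array('return' => '/app/callback'));
// ... later, when the client presents $nonce:
$context = example_consume_nonce($session, $nonce);
```

Passing an explicit integer timeout is the safer choice for short-lived tokens: it does not depend on 'session.datastore.timeout' being configured, and it is not subject to the positive-integer check that only guards the configured default.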


◆ setRememberMeExpire()

SimpleSAML_Session::setRememberMeExpire ($expire = null)

Set remember me expire time.

This stores the remember-me expiry and re-issues the session cookies with that 'expire' value, so they become persistent cookies. It does not change the per-authority 'Expire' that isValid() checks; that is set separately (see setAuthorityExpire()).

Parameters
    int|null $expire  Unix timestamp when remember me session cookies expire. When null, time() plus 'session.rememberme.lifetime' (default 14 days) is used.

Definition at line 548 of file Session.php.

{
    assert(is_int($expire) || $expire === null);

    if ($expire === null) {
        $globalConfig = SimpleSAML_Configuration::getInstance();
        $expire = time() + $globalConfig->getInteger('session.rememberme.lifetime', 14 * 86400);
    }
    $this->rememberMeExpire = $expire;

    $cookieParams = array('expire' => $this->rememberMeExpire);
    $this->updateSessionCookies($cookieParams);
}

References $expire, $globalConfig, SimpleSAML_Configuration\getInstance(), and updateSessionCookies().

Referenced by doLogin().
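The configuration keys read by the methods on this page, collected in one config.php fragment. This is an added illustration, not the project's shipped configuration; the values are the defaults quoted on this page, and the two keys marked (template) come from SimpleSAMLphp's configuration template rather than from this page.

```php
<?php
// Added illustration, not the project's shipped config.php: the session
// options read by the methods on this page, in SimpleSAMLphp's config format.
// Values are the defaults quoted on this page; the two keys marked (template)
// come from SimpleSAMLphp's configuration template, not from this page.
$config = array(
    // setAuthorityExpire($authority, null): the authority stays valid for this
    // many seconds from now; isValid() fails from the expiry second onward.
    'session.duration' => 8 * 60 * 60,

    // setData() without an explicit $timeout: sliding timeout per entry.
    // Must be a positive integer; if the key is missing the code falls back
    // to null, so always set it.
    'session.datastore.timeout' => 4 * 60 * 60,

    // updateSessionCookies(): name of the auth-token cookie.
    'session.authtoken.cookiename' => 'SimpleSAMLAuthToken',

    // setRememberMeExpire(null): the session-id and auth-token cookies persist
    // in the browser for this long. Both carry bearer values, so keep it short;
    // 14 days is the default quoted on this page.
    'session.rememberme.lifetime' => 14 * 86400,

    // (template) remember-me must be enabled explicitly; it is off by default.
    'session.rememberme.enable' => false,

    // (template) never send the session cookies over plain HTTP.
    'session.cookie.secure' => true,
);
```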


◆ terminateAssociation()

SimpleSAML_Session::terminateAssociation ($idp, $associationId)

Remove an SP association for an IdP.

This function is only for use by the SimpleSAML_IdP class.

Parameters
    string $idp            The IdP id.
    string $associationId  The id of the association.

Definition at line 1116 of file Session.php.

{
    assert(is_string($idp));
    assert(is_string($associationId));

    if (!isset($this->associations)) {
        return;
    }

    if (!isset($this->associations[$idp])) {
        return;
    }

    unset($this->associations[$idp][$associationId]);

    $this->markDirty();
}

References $idp, and markDirty().


◆ unserialize()

SimpleSAML_Session::unserialize ($serialized)

Unserialize a session object and load it.

PHP invokes this method, the counterpart of serialize() above, whenever a serialized session is passed to unserialize(). Every key of the serialized property array is assigned back onto the object ($this->$k = $v), so the object's entire state, authentication data and registered logout handlers included, comes from the serialized blob, and the inner unserialize() call places no allowed_classes restriction on it. The session store feeding this method therefore has to be a trusted, server-side one. Afterwards the 'Attributes' of each authority are rebuilt from 'RawAttributes', which restores data that is not serializable in its original form (e.g. DOM objects): each \SAML2\XML\saml\AttributeValue is expanded back into the DOMNodeList of its element's child nodes.

Parameters
    string $serialized  The serialized representation of a session that we want to restore.

Definition at line 210 of file Session.php.

{
    $session = unserialize($serialized);
    if (is_array($session)) {
        foreach ($session as $k => $v) {
            $this->$k = $v;
        }
    }

    // look for any raw attributes and load them in the 'Attributes' array
    foreach ($this->authData as $authority => $parameters) {
        if (!array_key_exists('RawAttributes', $parameters)) {
            continue;
        }

        foreach ($parameters['RawAttributes'] as $attribute => $values) {
            foreach ($values as $idx => $value) { // this should be originally a DOMNodeList
                /* @var \SAML2\XML\saml\AttributeValue $value */
                $this->authData[$authority]['Attributes'][$attribute][$idx] = $value->element->childNodes;
            }
        }
    }
}

References $authority, $session, $values, and unserialize().

Referenced by unserialize().
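To show why unserialize() above rebuilds 'Attributes' from 'RawAttributes', here is an added, stand-alone illustration (not SimpleSAMLphp or ILIAS code) of the same split: the live DOMNodeList values are left out of the serialized form and rebuilt from a re-parseable representation on load. It differs from the session class in two ways: it keeps XML strings where the session keeps \SAML2\XML\saml\AttributeValue objects, and it uses the PHP 7.4+ __serialize()/__unserialize() hooks where SimpleSAML_Session implements the older Serializable interface. The class name, attribute name and sample value are constructed for the example, and the unserialize() call restricts allowed_classes, which the session's own call does not.

```php
<?php
// Added stand-alone illustration, not SimpleSAMLphp or ILIAS code. It shows the
// split that unserialize() above relies on: DOM objects cannot pass through
// PHP's serialize(), so only a re-parseable form is stored and the live
// DOMNodeList is rebuilt on load. Differences from the session class: it keeps
// XML strings where the session keeps \SAML2\XML\saml\AttributeValue objects,
// and it uses the PHP 7.4+ __serialize()/__unserialize() hooks where
// SimpleSAML_Session implements the older Serializable interface. The class
// name, attribute name and sample value are constructed for this example.

class ExampleAttributeBag
{
    /** @var array attribute => list of DOMNodeList (live objects, not serializable) */
    private $attributes = array();
    /** @var array attribute => list of XML strings (what actually gets stored) */
    private $rawAttributes = array();

    public function add($name, $xmlFragment)
    {
        $this->rawAttributes[$name][] = $xmlFragment;
        $this->attributes[$name][]    = self::parse($xmlFragment);
    }

    /** @return DOMNodeList the child nodes of the attribute value */
    public function get($name, $idx)
    {
        return $this->attributes[$name][$idx];
    }

    private static function parse($xmlFragment)
    {
        $doc = new DOMDocument();
        // A holder element lets plain text and multi-node fragments parse alike.
        $doc->loadXML('<v>'.$xmlFragment.'</v>');
        return $doc->documentElement->childNodes;
    }

    public function __serialize()
    {
        // Only the raw form goes into the serialized blob; no DOM objects.
        return array('rawAttributes' => $this->rawAttributes);
    }

    public function __unserialize(array $data)
    {
        $this->rawAttributes = $data['rawAttributes'];
        $this->attributes    = array();
        // Same loop shape as the session's RawAttributes -> Attributes rebuild.
        foreach ($this->rawAttributes as $name => $values) {
            foreach ($values as $idx => $xml) {
                $this->attributes[$name][$idx] = self::parse($xml);
            }
        }
    }
}

// Constructed sample: an attribute whose value is XML markup, as SAML NameID
// values are.
$bag = new ExampleAttributeBag();
$bag->add(
    'eduPersonTargetedID',
    '<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">abc</saml:NameID>'
);

// Serializing the live DOMNodeList itself fails ...
try {
    serialize($bag->get('eduPersonTargetedID', 0));
    echo "unexpected: DOMNodeList serialized\n";
} catch (Exception $e) {
    echo 'DOMNodeList: ', $e->getMessage(), "\n";
}

// ... while the bag round-trips and its DOM values are rebuilt on load. The
// allowed_classes option limits what the blob may instantiate.
$blob     = serialize($bag);
$restored = unserialize($blob, array('allowed_classes' => array('ExampleAttributeBag')));
$node     = $restored->get('eduPersonTargetedID', 0)->item(0);
echo 'restored element: ', $node->nodeName, ' = ', $node->textContent, "\n";
```

The allowed_classes restriction is the check a practitioner would add around any unserialize() of stored session data: it keeps a tampered store from instantiating arbitrary classes, which is exactly the surface the session's own unrestricted call leaves open to whoever can write to the store.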


◆ updateSessionCookies()

SimpleSAML_Session::updateSessionCookies ($params = null)

Update session cookies.

Re-sends the session-id cookie through the session handler with $params as given, and the auth-token cookie (name from 'session.authtoken.cookiename', default SimpleSAMLAuthToken) with the handler's cookie parameters merged with $params, where keys present in $params take precedence over the handler's defaults.

Parameters
    array|null $params  The parameters for the cookies.

Definition at line 753 of file Session.php.

{
    assert(is_null($params) || is_array($params));

    $sessionHandler = SimpleSAML\SessionHandler::getSessionHandler();

    if ($this->sessionId !== null) {
        $sessionHandler->setCookie($sessionHandler->getSessionCookieName(), $this->sessionId, $params);
    }

    $params = array_merge($sessionHandler->getCookieParams(), is_array($params) ? $params : array());

    if ($this->authToken !== null) {
        $globalConfig = SimpleSAML_Configuration::getInstance();
        SimpleSAML\Utils\HTTP::setCookie(
            $globalConfig->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'),
            $this->authToken,
            $params
        );
    }
}

References $globalConfig, $params, SimpleSAML_Configuration\getInstance(), SimpleSAML\SessionHandler\getSessionHandler(), and SimpleSAML\Utils\HTTP\setCookie().

Referenced by doLogout(), and setRememberMeExpire().


◆ useTransientSession()

static SimpleSAML_Session::useTransientSession ( )
static

Use a transient session.

Create a session that is not saved at the end of the request (markDirty() ignores transient sessions) and load it as the current one. Subsequent calls to getInstance() will return this transient session. If a session instance already exists, nothing is done.

Definition at line 401 of file Session.php.

{
    if (isset(self::$instance)) {
        // we already have a session, don't bother with a transient session
        return;
    }

    // the constructor argument is the $transient flag
    self::load(new SimpleSAML_Session(true));
}

References load().

Referenced by getSessionFromRequest().


Field Documentation

◆ $associations

SimpleSAML_Session::$associations = array()
private

Definition at line 114 of file Session.php.

◆ $authData

SimpleSAML_Session::$authData = array()
private

Definition at line 134 of file Session.php.

◆ $authToken

SimpleSAML_Session::$authToken
private

Definition at line 124 of file Session.php.

◆ $callback_registered

SimpleSAML_Session::$callback_registered = false
private

Definition at line 90 of file Session.php.

◆ $dataStore

SimpleSAML_Session::$dataStore = null
private

Definition at line 103 of file Session.php.

◆ $dirty

SimpleSAML_Session::$dirty = false
private

Definition at line 82 of file Session.php.

◆ $instance

SimpleSAML_Session::$instance = null
static private

This variable holds the instance of the session - Singleton approach.

Warning: do not set the instance manually, call SimpleSAML_Session::load() instead.

Definition at line 44 of file Session.php.

Referenced by getSessionFromRequest(), and load().

◆ $rememberMeExpire

SimpleSAML_Session::$rememberMeExpire = null
private

Definition at line 73 of file Session.php.

Referenced by getRememberMeExpire().

◆ $sessionId

SimpleSAML_Session::$sessionId
private

Definition at line 52 of file Session.php.

Referenced by createSession(), getSession(), and getSessionId().

◆ $sessions

SimpleSAML_Session::$sessions = array()
static private

Definition at line 36 of file Session.php.

◆ $trackid

SimpleSAML_Session::$trackid = null
private

Definition at line 70 of file Session.php.

Referenced by getTrackID().

◆ $transient

SimpleSAML_Session::$transient = false
private

Definition at line 60 of file Session.php.

Referenced by __construct(), and isTransient().

◆ DATA_TIMEOUT_SESSION_END

const SimpleSAML_Session::DATA_TIMEOUT_SESSION_END = 'sessionEndTimeout'

This is a timeout value for setData, which indicates that the data should never be deleted, i.e. it lasts the whole session lifetime.

Definition at line 26 of file Session.php.

Referenced by SimpleSAML_Auth_Source\addLogoutCallback(), sspmod_multiauth_Auth_Source_MultiAuth\delegateAuthentication(), SimpleSAML_IdP\postAuthProc(), and setData().


The documentation for this class was generated from the following file: