authorAndjelko Horvat <comel@vingd.com>2013-09-05 12:36:31 +0000
committerAndjelko Horvat <comel@vingd.com>2013-09-05 12:36:31 +0000
commit406b169b2159f55dca84ddc5b0c38a09340ed81e (patch)
treed67df15f17893125f3876b9dcecdd699a854602a
parent5de12fa4d3f2a63a974b857cb6e86b888a92829c (diff)
Generate new session id for new sessions (issue #569).
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3271 44740490-163a-0410-bde0-09ae8108e29a
-rw-r--r--lib/SimpleSAML/Session.php2
-rw-r--r--lib/SimpleSAML/SessionHandler.php8
-rw-r--r--lib/SimpleSAML/SessionHandlerCookie.php20
-rw-r--r--lib/SimpleSAML/SessionHandlerPHP.php43
4 files changed, 55 insertions, 18 deletions
diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index e373dc4..4cfd11c 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -163,7 +163,7 @@ class SimpleSAML_Session {
}
$sh = SimpleSAML_SessionHandler::getSessionHandler();
- $this->sessionId = $sh->getCookieSessionId();
+ $this->sessionId = $sh->newSessionId();
$this->trackid = substr(md5(uniqid(rand(), true)), 0, 10);
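Review bot: The constructor now obtains the id through `$sh->newSessionId()` for every new session, and the SimpleSAML_SessionHandlerPHP implementation further down this page applies that id with `session_id()` followed by `session_start()`; if this constructor can ever run while a PHP session is already active, the freshly generated id would not be applied to that session (session_id() is meant to be called before session_start(), and a second session_start() is ignored), so `$this->sessionId` could differ from the id the client actually holds and the fixation fix would not take effect on that path. I cannot tell from this hunk whether that path is reachable, so it should be confirmed against the callers. A one-line comment at the call site, `// newSessionId() must run before any PHP session is active; see SimpleSAML_SessionHandlerPHP::newSessionId()`, would make the precondition explicit. The constructor starts before and ends after this hunk.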
diff --git a/lib/SimpleSAML/SessionHandler.php b/lib/SimpleSAML/SessionHandler.php
index a61844e..2d1a28c 100644
--- a/lib/SimpleSAML/SessionHandler.php
+++ b/lib/SimpleSAML/SessionHandler.php
@@ -48,6 +48,14 @@ abstract class SimpleSAML_SessionHandler {
/**
+ * Create and set new session id.
+ *
+ * @return string The new session id.
+ */
+ abstract public function newSessionId();
+
+
+ /**
* Retrieve the session id of saved in the session cookie.
*
* @return string The session id saved in the cookie.
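Review bot: The docblock on the new abstract `newSessionId()` understates the contract: both implementations on this page also register the id with `SimpleSAML_Session::createSession()` and deliver it to the client (session cookie or PHP session), and the PHP implementation throws `SimpleSAML_Error_Exception` when the session cannot be started. I would expand the description to `Generate a new session id, register it with SimpleSAML_Session::createSession() and send it to the client as the session cookie.` and add `@throws SimpleSAML_Error_Exception if the new session cannot be started (e.g. secure cookie on plain HTTP, or headers already sent).` The same three-line docblock is repeated on the implementations in the SessionHandlerCookie.php and SessionHandlerPHP.php hunks and should be updated in step.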
diff --git a/lib/SimpleSAML/SessionHandlerCookie.php b/lib/SimpleSAML/SessionHandlerCookie.php
index 9d6d846..7c5ae37 100644
--- a/lib/SimpleSAML/SessionHandlerCookie.php
+++ b/lib/SimpleSAML/SessionHandlerCookie.php
@@ -40,6 +40,20 @@ extends SimpleSAML_SessionHandler {
/**
+ * Create and set new session id.
+ *
+ * @return string The new session id.
+ */
+ public function newSessionId() {
+ $this->session_id = self::createSessionID();
+ SimpleSAML_Session::createSession($this->session_id);
+ $this->setCookie($this->cookie_name, $this->session_id);
+
+ return $this->session_id;
+ }
+
+
+ /**
* Retrieve the session id of saved in the session cookie.
*
* @return string The session id saved in the cookie.
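Review bot: The cookie handler's `newSessionId()` sends the new id via `$this->setCookie()` without a `headers_sent()` check, whereas the PHP handler's implementation on this page throws `SimpleSAML_Error_Exception('Cannot create new session - headers already sent.')` before doing so; if output has already started, the cookie is silently dropped and the caller is handed an id the client never receives. Unless `setCookie()` (defined outside this hunk) already performs that check, I would add the same guard before the `setCookie()` call: `if (headers_sent()) { throw new SimpleSAML_Error_Exception('Cannot create new session - headers already sent.'); }`.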
@@ -54,9 +68,7 @@ extends SimpleSAML_SessionHandler {
/* Check if we have a valid session id. */
if(!self::isValidSessionID($this->session_id)) {
/* We don't have a valid session. Create a new session id. */
- $this->session_id = self::createSessionID();
- SimpleSAML_Session::createSession($this->session_id);
- $this->setCookie($this->cookie_name, $this->session_id);
+ return self::newSessionId();
}
}
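Review bot: `return self::newSessionId();` invokes an instance method through `self::`; it only works because PHP forwards `$this` in this context, and next to `self::isValidSessionID()` and `self::createSessionID()` it reads as a static call. Prefer `return $this->newSessionId();`. The same pattern appears in the SessionHandlerPHP.php hunk (`return self::newSessionId();` inside getCookieSessionId()). getCookieSessionId() starts before this hunk.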
@@ -115,5 +127,3 @@ extends SimpleSAML_SessionHandler {
}
}
-
-?> \ No newline at end of file
diff --git a/lib/SimpleSAML/SessionHandlerPHP.php b/lib/SimpleSAML/SessionHandlerPHP.php
index 1d07f37..b95bdcb 100644
--- a/lib/SimpleSAML/SessionHandlerPHP.php
+++ b/lib/SimpleSAML/SessionHandlerPHP.php
@@ -54,30 +54,49 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler {
/**
+ * Create and set new session id.
+ *
+ * @return string The new session id.
+ */
+ public function newSessionId() {
+ $session_cookie_params = session_get_cookie_params();
+
+ if ($session_cookie_params['secure'] && !SimpleSAML_Utilities::isHTTPS()) {
+ throw new SimpleSAML_Error_Exception('Session start with secure cookie not allowed on http.');
+ }
+
+ if (headers_sent()) {
+ throw new SimpleSAML_Error_Exception('Cannot create new session - headers already sent.');
+ }
+
+ /* Generate new (secure) session id. */
+ $sessionId = SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(16));
+ SimpleSAML_Session::createSession($sessionId);
+ session_id($sessionId);
+
+ session_start();
+
+ return session_id();
+ }
+
+
+ /**
* Retrieve the session id of saved in the session cookie.
*
* @return string The session id saved in the cookie.
*/
public function getCookieSessionId() {
if(session_id() === '') {
+ if(!self::hasSessionCookie()) {
+ return self::newSessionId();
+ }
+
$session_cookie_params = session_get_cookie_params();
if ($session_cookie_params['secure'] && !SimpleSAML_Utilities::isHTTPS()) {
throw new SimpleSAML_Error_Exception('Session start with secure cookie not allowed on http.');
}
- if(!self::hasSessionCookie()) {
-
- if (headers_sent()) {
- throw new SimpleSAML_Error_Exception('Cannot create new session - headers already sent.');
- }
-
- /* Session cookie unset - session id not set. Generate new (secure) session id. */
- $sessionId = SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(16));
- SimpleSAML_Session::createSession($sessionId);
- session_id($sessionId);
- }
-
session_start();
}