summaryrefslogtreecommitdiffstats
path: root/lib/SimpleSAML
diff options
context:
space:
mode:
authorJaime Perez Crespo <jaime.perez@uninett.no>2016-02-15 10:16:07 +0100
committerJaime Perez Crespo <jaime.perez@uninett.no>2016-02-15 10:17:31 +0100
commit38cb65773cc964a37b4b9ef5e2cc362d5df97bbf (patch)
treed6e342c99ca9ff6dca5e1f10a82aa0551bd1671e /lib/SimpleSAML
parent159e29f698c2ef5fb494e42ec52b5cd280014fae (diff)
downloadsimplesamlphp-38cb65773cc964a37b4b9ef5e2cc362d5df97bbf.zip
simplesamlphp-38cb65773cc964a37b4b9ef5e2cc362d5df97bbf.tar.gz
simplesamlphp-38cb65773cc964a37b4b9ef5e2cc362d5df97bbf.tar.bz2
Avoid the PHP session handler to generate errors when we try to retrieve a session after the headers being sent to the browser.
Diffstat (limited to 'lib/SimpleSAML')
-rw-r--r--lib/SimpleSAML/SessionHandlerPHP.php17
1 files changed, 17 insertions, 0 deletions
diff --git a/lib/SimpleSAML/SessionHandlerPHP.php b/lib/SimpleSAML/SessionHandlerPHP.php
index c8e9107..da031eb 100644
--- a/lib/SimpleSAML/SessionHandlerPHP.php
+++ b/lib/SimpleSAML/SessionHandlerPHP.php
@@ -118,7 +118,24 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler
throw new SimpleSAML_Error_Exception('Session start with secure cookie not allowed on http.');
}
+ $cacheLimiter = session_cache_limiter();
+ if (headers_sent()) {
+ /*
+ * session_start() tries to send HTTP headers depending on the configuration, according to the
+ * documentation:
+ *
+ * http://php.net/manual/en/function.session-start.php
+ *
+ * If headers have been already sent, it will then trigger an error since no more headers can be sent.
+ * Being unable to send headers does not mean we cannot recover the session by calling session_start(),
+ * so we still want to call it. In this case, though, we want to avoid session_start() to send any
+ * headers at all so that no error is generated, so we clear the cache limiter temporarily (no headers
+ * sent then) and restore it after successfully starting the session.
+ */
+ session_cache_limiter('');
+ }
session_start();
+ session_cache_limiter($cacheLimiter);
}
return session_id();