diff options
author | Jaime Perez Crespo <jaime.perez@uninett.no> | 2016-02-15 10:16:07 +0100 |
---|---|---|
committer | Jaime Perez Crespo <jaime.perez@uninett.no> | 2016-02-15 10:17:31 +0100 |
commit | 38cb65773cc964a37b4b9ef5e2cc362d5df97bbf (patch) | |
tree | d6e342c99ca9ff6dca5e1f10a82aa0551bd1671e /lib/SimpleSAML | |
parent | 159e29f698c2ef5fb494e42ec52b5cd280014fae (diff) | |
download | simplesamlphp-38cb65773cc964a37b4b9ef5e2cc362d5df97bbf.zip simplesamlphp-38cb65773cc964a37b4b9ef5e2cc362d5df97bbf.tar.gz simplesamlphp-38cb65773cc964a37b4b9ef5e2cc362d5df97bbf.tar.bz2 |
Avoid the PHP session handler to generate errors when we try to retrieve a session after the headers being sent to the browser.
Diffstat (limited to 'lib/SimpleSAML')
-rw-r--r-- | lib/SimpleSAML/SessionHandlerPHP.php | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/lib/SimpleSAML/SessionHandlerPHP.php b/lib/SimpleSAML/SessionHandlerPHP.php index c8e9107..da031eb 100644 --- a/lib/SimpleSAML/SessionHandlerPHP.php +++ b/lib/SimpleSAML/SessionHandlerPHP.php @@ -118,7 +118,24 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler throw new SimpleSAML_Error_Exception('Session start with secure cookie not allowed on http.'); } + $cacheLimiter = session_cache_limiter(); + if (headers_sent()) { + /* + * session_start() tries to send HTTP headers depending on the configuration, according to the + * documentation: + * + * http://php.net/manual/en/function.session-start.php + * + * If headers have been already sent, it will then trigger an error since no more headers can be sent. + * Being unable to send headers does not mean we cannot recover the session by calling session_start(), + * so we still want to call it. In this case, though, we want to avoid session_start() to send any + * headers at all so that no error is generated, so we clear the cache limiter temporarily (no headers + * sent then) and restore it after successfully starting the session. + */ + session_cache_limiter(''); + } session_start(); + session_cache_limiter($cacheLimiter); } return session_id(); |