authorJaime Perez Crespo <jaime.perez@uninett.no>2015-10-26 10:48:44 +0100
committerJaime Perez Crespo <jaime.perez@uninett.no>2015-10-26 10:48:44 +0100
commita0407d17cccc4a00aa1cec4b18e613019adf8744 (patch)
treeed2dfb39bc93944cdc4808311ff12aaf32373e02 /lib/SimpleSAML
parent72d787c20bf70701f6627e6481136a843ce96d71 (diff)
Avoid session cookies being set twice, hopefully for good.
Diffstat (limited to 'lib/SimpleSAML')
-rw-r--r--lib/SimpleSAML/SessionHandler.php4
-rw-r--r--lib/SimpleSAML/SessionHandlerCookie.php8
-rw-r--r--lib/SimpleSAML/SessionHandlerPHP.php6
-rw-r--r--lib/SimpleSAML/SessionHandlerStore.php4
4 files changed, 13 insertions, 9 deletions
diff --git a/lib/SimpleSAML/SessionHandler.php b/lib/SimpleSAML/SessionHandler.php
index debfba0..8d14c09 100644
--- a/lib/SimpleSAML/SessionHandler.php
+++ b/lib/SimpleSAML/SessionHandler.php
@@ -62,9 +62,9 @@ abstract class SimpleSAML_SessionHandler
/**
- * Retrieve the session id of saved in the session cookie.
+ * Retrieve the session ID saved in the session cookie, if there's one.
*
- * @return string The session id saved in the cookie.
+ * @return string|null The session id saved in the cookie or null if no session cookie was set.
*/
abstract public function getCookieSessionId();
diff --git a/lib/SimpleSAML/SessionHandlerCookie.php b/lib/SimpleSAML/SessionHandlerCookie.php
index f0b56cc..c8409a8 100644
--- a/lib/SimpleSAML/SessionHandlerCookie.php
+++ b/lib/SimpleSAML/SessionHandlerCookie.php
@@ -60,9 +60,9 @@ abstract class SimpleSAML_SessionHandlerCookie extends SimpleSAML_SessionHandler
/**
- * Retrieve the session id of saved in the session cookie.
+ * Retrieve the session ID saved in the session cookie, if there's one.
*
- * @return string The session id saved in the cookie.
+ * @return string|null The session id saved in the cookie or null if no session cookie was set.
*/
public function getCookieSessionId()
{
@@ -74,8 +74,8 @@ abstract class SimpleSAML_SessionHandlerCookie extends SimpleSAML_SessionHandler
// check if we have a valid session id
if (!self::isValidSessionID($this->session_id)) {
- // we don't have a valid session. Create a new session id
- return self::newSessionId();
+ // invalid, disregard this session
+ return null;
}
}
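Review bot: When the validity check fails, the new branch returns `null` but leaves the rejected cookie value in `$this->session_id`. The body of getCookieSessionId() starts and ends outside this hunk, so the following is inferred rather than visible: if the surrounding block only runs the cookie lookup and validation while the property is unset, a second call on the same handler could return the value that just failed `isValidSessionID()`. Clearing the property before returning keeps the rejection in force across calls: `$this->session_id = null;` on the line before `return null;`. The comment could also say why, e.g. `// invalid cookie value: forget it so it is never returned or used as a store key`.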
diff --git a/lib/SimpleSAML/SessionHandlerPHP.php b/lib/SimpleSAML/SessionHandlerPHP.php
index 7bc7a17..c8e9107 100644
--- a/lib/SimpleSAML/SessionHandlerPHP.php
+++ b/lib/SimpleSAML/SessionHandlerPHP.php
@@ -99,9 +99,9 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler
/**
- * Retrieve the session id of saved in the session cookie.
+ * Retrieve the session ID saved in the session cookie, if there's one.
*
- * @return string The session id saved in the cookie.
+ * @return string|null The session id saved in the cookie or null if no session cookie was set.
*
* @throws SimpleSAML_Error_Exception If the cookie is marked as secure but we are not using HTTPS.
*/
@@ -109,7 +109,7 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler
{
if (session_id() === '') {
if (!self::hasSessionCookie()) {
- return self::newSessionId();
+ return null;
}
$session_cookie_params = session_get_cookie_params();
diff --git a/lib/SimpleSAML/SessionHandlerStore.php b/lib/SimpleSAML/SessionHandlerStore.php
index ecf7154..9006880 100644
--- a/lib/SimpleSAML/SessionHandlerStore.php
+++ b/lib/SimpleSAML/SessionHandlerStore.php
@@ -43,6 +43,10 @@ class SimpleSAML_SessionHandlerStore extends SimpleSAML_SessionHandlerCookie
if ($sessionId === null) {
$sessionId = $this->getCookieSessionId();
+ if ($sessionId === null) {
+ // no session cookie, nothing to load
+ return null;
+ }
}
$session = $this->store->get('session', $sessionId);