Diffstat (limited to 'lib/SimpleSAML')
-rw-r--r-- | lib/SimpleSAML/Session.php | 17 | ||||
-rw-r--r-- | lib/SimpleSAML/SessionHandler.php | 2 | ||||
-rw-r--r-- | lib/SimpleSAML/SessionHandlerPHP.php | 38 |
3 files changed, 56 insertions, 1 deletions
diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index 6ab6834..153478a 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -377,6 +377,23 @@ class SimpleSAML_Session
 }
 }
+
+ /**
+ * Save the current session and clean any left overs that could interfere with the normal application behaviour.
+ *
+ * Use this method if you are using PHP sessions in your application *and* in SimpleSAMLphp, *after* you are done
+ * using SimpleSAMLphp and before trying to access your application's session again.
+ */
+ public function cleanup()
+ {
+ $this->save();
+ $sh = SimpleSAML_SessionHandler::getSessionHandler();
+ if ($sh instanceof SimpleSAML_SessionHandlerPHP) {
+ $sh->restorePrevious();
+ }
+ }
+
+
 /**
 * Mark this session as dirty.
 *
diff --git a/lib/SimpleSAML/SessionHandler.php b/lib/SimpleSAML/SessionHandler.php
index 8d14c09..23d826f 100644
--- a/lib/SimpleSAML/SessionHandler.php
+++ b/lib/SimpleSAML/SessionHandler.php
@@ -23,7 +23,7 @@ abstract class SimpleSAML_SessionHandler
 *
 * @var SimpleSAML_SessionHandler
 */
- private static $sessionHandler = null;
+ protected static $sessionHandler = null;
 /**
diff --git a/lib/SimpleSAML/SessionHandlerPHP.php b/lib/SimpleSAML/SessionHandlerPHP.php
index 9126eab..09f7063 100644
--- a/lib/SimpleSAML/SessionHandlerPHP.php
+++ b/lib/SimpleSAML/SessionHandlerPHP.php
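Review bot: The docblock of cleanup() in Session.php does not say that the restore step applies only to the PHP session handler; with any other handler the method visibly does nothing beyond calling `save()`. A line such as `* With session handlers other than SimpleSAML_SessionHandlerPHP this only saves the session.` would make that explicit. Since restorePrevious() in this commit sets cookie parameters and starts a session, the docblock could also state that cleanup() is meant to be called before any output is sent, if that is the intended contract.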
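Review bot: Widening `$sessionHandler` to protected in SessionHandler.php lets every subclass replace or clear the shared handler, while the only use visible in this commit is the reset at the end of restorePrevious(). Keeping the property private and exposing a narrow hook, for example `protected static function resetSessionHandler() { self::$sessionHandler = null; }`, would give the subclass what it needs without opening the field itself. The class body lies outside the hunk, so other reasons for the change cannot be ruled out from here.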
@@ -74,9 +74,47 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler
 $savepath = $config->getString('session.phpsession.savepath', null);
 if (!empty($savepath)) {
 session_save_path($savepath);
+ }
+ }
+ /**
+ * Restore a previously-existing session.
+ *
+ * Use this method to restore a previous PHP session existing before SimpleSAMLphp initialized its own session.
+ *
+ * WARNING: do not use this method directly, unless you know what you are doing. Calling this method directly,
+ * outside of SimpleSAML_Session, could cause SimpleSAMLphp's session to be lost or mess the application's one. The
+ * session must always be saved properly before calling this method. If you don't understand what this is about,
+ * don't use this method.
+ */
+ public function restorePrevious()
+ {
+ if (empty($this->previous_session)) {
+ return; // nothing to do here
 }
+
+ // close our own session
+ session_write_close();
+
+ session_name($this->previous_session['name']);
+ session_set_cookie_params(
+ $this->previous_session['cookie_params']['lifetime'],
+ $this->previous_session['cookie_params']['path'],
+ $this->previous_session['cookie_params']['domain'],
+ $this->previous_session['cookie_params']['secure'],
+ $this->previous_session['cookie_params']['httponly']
+ );
+ session_id($this->previous_session['id']);
+ $this->previous_session = array();
+ session_start();
+
+ /*
+ * At this point, we have restored a previously-existing session, so we can't continue to use our session here.
+ * Therefore, we need to load our session again in case we need it. We remove this handler from the parent
+ * class so that the handler is initialized again if we ever need to do something with the session.
+ */
+ parent::$sessionHandler = null;
 } |
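Review bot: In restorePrevious() the result of `session_start()` is ignored, and `$this->previous_session` is emptied on the line before it, so a failed restart can be neither detected nor retried. If the restart fails (for instance because output has already been sent), SimpleSAMLphp's session has been closed and its handler reset while the application's session was presumably never reopened, which could leave the application reading stale `$_SESSION` contents. Checking the result would surface this: `if (!session_start()) { throw new SimpleSAML_Error_Exception('Could not restore the previous PHP session.'); }`, with `$this->previous_session = array();` moved after the check. The method also reads `$this->previous_session`, which is neither declared nor assigned anywhere in this diff, so it is worth confirming where it gets populated; the class body continues outside the hunk.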