getSession() public static method

Get a session from the session handler.
public static getSession ( string | null $sessionId = null ) : SimpleSAML_Session
$sessionId string | null The session we should get, or null to get the current session.
return SimpleSAML_Session The session that is stored in the session handler, or null if the session wasn't found.
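/* Load the casserver module configuration. */
$casconfig = SimpleSAML_Configuration::getConfig('module_casserver.php');

/* Logout is opt-in: refuse the request unless the module configuration enables it. */
if (!$casconfig->getValue('enable_logout', false)) {
    $message = 'Logout not allowed';
    SimpleSAML_Logger::debug('casserver:' . $message);
    throw new Exception($message);
}

/* When the intermediate logged-out page is skipped, the caller has to supply the return URL. */
$skipLogoutPage = $casconfig->getValue('skip_logout_page', false);
if ($skipLogoutPage && !array_key_exists('url', $_GET)) {
    $message = 'Required URL query parameter [url] not provided. (CAS Server)';
    SimpleSAML_Logger::debug('casserver:' . $message);
    throw new Exception($message);
}

/*
 * $_GET['url'] is caller-controlled and is used further down as the post-logout
 * destination (passed straight to logout(), or forwarded to loggedOut.php).
 * Validate it against the installation's trusted-URL policy before any state is
 * changed, so that this endpoint cannot be used as an open redirector.
 * checkURLAllowed() raises an exception when the URL is rejected.
 */
if (array_key_exists('url', $_GET)) {
    if (!is_string($_GET['url'])) {
        /* e.g. url[]=... would arrive as an array */
        $message = 'Invalid URL query parameter [url]. (CAS Server)';
        SimpleSAML_Logger::debug('casserver:' . $message);
        throw new Exception($message);
    }
    SimpleSAML\Utils\HTTP::checkURLAllowed($_GET['url']);
}

/* Bind to the authentication source the CAS server is configured to use. */
$as = new SimpleSAML_Auth_Simple($casconfig->getValue('authsource'));

/*
 * Drop the CAS ticket that is stored under the current session ID, so it cannot
 * be used after logout. The ticket store class comes from the module
 * configuration and defaults to the filesystem store.
 */
$session = SimpleSAML_Session::getSession();
if ($session !== null) {
    $ticketStoreConfig = $casconfig->getValue('ticketstore', array('class' => 'casserver:FileSystemTicketStore'));
    $ticketStoreClass = SimpleSAML_Module::resolveClass($ticketStoreConfig['class'], 'Cas_Ticket');
    $ticketStore = new $ticketStoreClass($casconfig);
    $ticketStore->deleteTicket($session->getSessionId());
}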
if ($as->isAuthenticated()) {
    SimpleSAML_Logger::debug('casserver: performing a real logout');
    if ($casconfig->getValue('skip_logout_page', false)) {
        $as->logout($_GET['url']);
    } else {
        $as->logout(SimpleSAML\Utils\HTTP::addURLParameters(SimpleSAML_Module::getModuleURL('casserver/loggedOut.php'), array_key_exists('url', $_GET) ? array('url' => $_GET['url']) : array()));
    }
} else {
    SimpleSAML_Logger::debug('casserver: no session to log out of, performing redirect');
Esempio n. 2
 *
 * @package simpleSAMLphp
 */
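/*
 * Restore POST data that was parked in a session before a redirect.
 * Two request forms are accepted:
 *   - RedirId:   the POST data ID in clear; the session is taken from the request.
 *   - RedirInfo: base64 of an AES-encrypted "<sessionId>:<postId>" pair; the
 *                session to load is named by the decrypted value.
 */
if (array_key_exists('RedirId', $_REQUEST)) {
    $postId = $_REQUEST['RedirId'];
    if (!is_string($postId)) {
        /* An array-valued parameter (RedirId[]=...) cannot be a valid data key. */
        throw new SimpleSAML_Error_BadRequest('Invalid RedirId data.');
    }
    $session = SimpleSAML_Session::getSessionFromRequest();
} elseif (array_key_exists('RedirInfo', $_REQUEST)) {
    if (!is_string($_REQUEST['RedirInfo'])) {
        throw new SimpleSAML_Error_BadRequest('Invalid RedirInfo data.');
    }
    $encData = base64_decode($_REQUEST['RedirInfo']);
    if (empty($encData)) {
        throw new SimpleSAML_Error_BadRequest('Invalid RedirInfo data.');
    }

    /*
     * The session ID is chosen by the request here, so the only thing stopping a
     * caller from naming someone else's session is the encryption.
     * NOTE(review): whether aesDecrypt() also authenticates the ciphertext is not
     * visible from this file - confirm.
     */
    $parts = explode(':', SimpleSAML\Utils\Crypto::aesDecrypt($encData));

    /* Reject values without a separator up front instead of reading a missing element. */
    if (count($parts) < 2 || empty($parts[0]) || empty($parts[1])) {
        throw new SimpleSAML_Error_BadRequest('Invalid session info data.');
    }
    list($sessionId, $postId) = $parts;

    $session = SimpleSAML_Session::getSession($sessionId);
} else {
    throw new SimpleSAML_Error_BadRequest('Missing redirection info parameter.');
}

if ($session === NULL) {
    throw new Exception('Unable to load session.');
}

$postData = $session->getData('core_postdatalink', $postId);
if ($postData === NULL) {
    /* The post data is missing, probably because it timed out. */
    throw new Exception('The POST data we should restore was lost.');
}

/* Single use: remove the entry as soon as it has been read so the link cannot be replayed. */
$session->deleteData('core_postdatalink', $postId);

/*
 * Check the shape of the stored data explicitly. String assertions are skipped
 * when assertions are disabled, which would let a malformed entry through to
 * the code that reads 'url' and 'post'.
 */
if (!is_array($postData) || !array_key_exists('url', $postData) || !array_key_exists('post', $postData)) {
    throw new Exception('The stored POST data is malformed.');
}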
Esempio n. 3
 /**
  * Log out of the given sessions.
  *
  * @param string $authId  The authsource ID.
  * @param array $nameId  The NameID of the user.
  * @param array $sessionIndexes  The SessionIndexes we should log out of. Logs out of all if this is empty.
  * @return int|FALSE  Number of sessions logged out, or FALSE if not supported.
  */
 public static function logoutSessions($authId, array $nameId, array $sessionIndexes)
 {
     assert('is_string($authId)');

     /* Nothing can be looked up without a datastore. */
     $store = SimpleSAML_Store::getInstance();
     if ($store === FALSE) {
         return FALSE;
     }

     /*
      * Reduce the NameID to a fixed-length lookup key: sort by key so that the
      * element order does not matter, then hash the serialized form.
      * NOTE(review): SHA-1 serves as a key derivation for lookups here, and the
      * result presumably has to equal what was written when the session was
      * registered - confirm before changing the hash.
      */
     ksort($nameId);
     $nameIdKey = sha1(serialize($nameId));

     /* SessionIndexes longer than 50 characters are replaced by their SHA-1 hash. */
     foreach ($sessionIndexes as $position => $sessionIndex) {
         assert('is_string($sessionIndex)');
         if (strlen($sessionIndex) > 50) {
             $sessionIndexes[$position] = sha1($sessionIndex);
         }
     }
     unset($sessionIndex);

     /* Only the SQL store can enumerate every session of a NameID. */
     if ($store instanceof SimpleSAML_Store_SQL) {
         $sessions = self::getSessionsSQL($store, $authId, $nameIdKey);
     } else {
         if (empty($sessionIndexes)) {
             /* "Log out everywhere" was requested, which a non-SQL store cannot serve. */
             return FALSE;
         }
         $sessions = self::getSessionsStore($store, $authId, $nameIdKey, $sessionIndexes);
     }

     /* An empty list means every session that was found. */
     $targets = empty($sessionIndexes) ? array_keys($sessions) : $sessionIndexes;

     $sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();

     $numLoggedOut = 0;
     foreach ($targets as $index) {
         if (!isset($sessions[$index])) {
             SimpleSAML_Logger::info('saml.LogoutStore: Logout requested for unknown SessionIndex.');
             continue;
         }

         $session = SimpleSAML_Session::getSession($sessions[$index]);
         if ($session === NULL) {
             SimpleSAML_Logger::info('saml.LogoutStore: Skipping logout of missing session.');
             continue;
         }

         if (!$session->isValid($authId)) {
             SimpleSAML_Logger::info('saml.LogoutStore: Skipping logout of session because it isn\'t authenticated.');
             continue;
         }

         /* The log line carries the track ID only, never the session ID itself. */
         SimpleSAML_Logger::info('saml.LogoutStore: Logging out of session with trackId [' . $session->getTrackId() . '].');
         $session->doLogout($authId);
         $numLoggedOut++;
     }

     return $numLoggedOut;
 }