This file defines a base class for session handling.
Instantiation of session handler objects should be done through
the class method getSessionHandler().
public function process(&$state) { assert('is_array($state)'); if (empty($state['Expire']) || empty($state['Authority'])) { return; } $now = time(); $delta = $state['Expire'] - $now; $globalConfig = SimpleSAML_Configuration::getInstance(); $sessionDuration = $globalConfig->getInteger('session.duration', 8 * 60 * 60); /* Extend only if half of session duration already passed */ if ($delta >= $sessionDuration * 0.5) { return; } /* Update authority expire time */ $session = SimpleSAML_Session::getSessionFromRequest(); $session->setAuthorityExpire($state['Authority']); /* Update session cookies duration */ /* If remember me is active */ $rememberMeExpire = $session->getRememberMeExpire(); if (!empty($state['RememberMe']) && $rememberMeExpire !== NULL && $globalConfig->getBoolean('session.rememberme.enable', FALSE)) { $session->setRememberMeExpire(); return; } /* Or if session lifetime is more than zero */ $sessionHandler = SimpleSAML_SessionHandler::getSessionHandler(); $cookieParams = $sessionHandler->getCookieParams(); if ($cookieParams['lifetime'] > 0) { $session->updateSessionCookies(); } }
/** * This constructor initializes the session id based on what we receive in a cookie. We create a new session id and * set a cookie with this id if we don't have a session id. */ protected function __construct() { // call the constructor in the base class in case it should become necessary in the future parent::__construct(); $config = SimpleSAML_Configuration::getInstance(); $this->cookie_name = $config->getString('session.cookie.name', 'SimpleSAMLSessionID'); }
protected function __construct() { /* Call the parent constructor in case it should become * necessary in the future. */ parent::__construct(); /* Initialize the php session handling. * * If session_id() returns a blank string, then we need * to call session start. Otherwise the session is already * started, and we should avoid calling session_start(). */ if (session_id() === '') { $config = SimpleSAML_Configuration::getInstance(); $cookiepath = $config->getBoolean('session.phpsession.limitedpath', FALSE) ? '/' . $config->getBaseURL() : '/'; session_set_cookie_params(0, $cookiepath, NULL, SimpleSAML_Utilities::isHTTPS()); $cookiename = $config->getString('session.phpsession.cookiename', NULL); if (!empty($cookiename)) { session_name($cookiename); } $savepath = $config->getString('session.phpsession.savepath', NULL); if (!empty($savepath)) { session_save_path($savepath); } if (!array_key_exists(session_name(), $_COOKIE)) { /* Session cookie unset - session id not set. Generate new (secure) session id. */ session_id(SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(16))); } session_start(); } }
/** * Initialize the session handler. * * This function creates an instance of the session handler which is * selected in the 'session.handler' configuration directive. If no * session handler is selected, then we will fall back to the default * PHP session handler. */ private static function createSessionHandler() { $store = SimpleSAML_Store::getInstance(); if ($store === FALSE) { self::$sessionHandler = new SimpleSAML_SessionHandlerPHP(); } else { self::$sessionHandler = new SimpleSAML_SessionHandlerStore($store); } }
protected function __construct() { /* Call the constructor in the base class in case it should * become necessary in the future. */ parent::__construct(); /* Attempt to retrieve the session id from the cookie. */ if (array_key_exists('SimpleSAMLSessionID', $_COOKIE)) { $this->session_id = $_COOKIE['SimpleSAMLSessionID']; } /* Check if we have a valid session id. */ if (self::isValidSessionID($this->session_id)) { /* We are done now if it was valid. */ return; } /* We don't have a valid session. Create a new session id. */ $this->session_id = self::createSessionID(); setcookie('SimpleSAMLSessionID', $this->session_id, 0, '/', NULL, self::secureCookie()); }
protected function __construct() { /* Call the constructor in the base class in case it should * become necessary in the future. */ parent::__construct(); /* Attempt to retrieve the session id from the cookie. */ if (array_key_exists('SimpleSAMLSessionID', $_COOKIE)) { $this->session_id = $_COOKIE['SimpleSAMLSessionID']; } /* We need to create a new session. */ if (headers_sent()) { throw new SimpleSAML_Error_Exception('Cannot create new session - headers already sent.'); } /* Check if we have a valid session id. */ if (self::isValidSessionID($this->session_id)) { /* We are done now if it was valid. */ return; } /* We don't have a valid session. Create a new session id. */ $this->session_id = self::createSessionID(); $this->setCookie('SimpleSAMLSessionID', $this->session_id); }
$password = $_REQUEST['password']; } else { $password = ''; } if (array_key_exists('organization', $_REQUEST)) { $organization = $_REQUEST['organization']; } elseif (isset($state['core:organization'])) { $organization = (string) $state['core:organization']; } else { $organization = ''; } $errorCode = NULL; if ($organizations === NULL || !empty($organization)) { if (!empty($username) && !empty($password)) { if ($source->getRememberUsernameEnabled()) { $sessionHandler = SimpleSAML_SessionHandler::getSessionHandler(); $params = $sessionHandler->getCookieParams(); $params['expire'] = time(); $params['expire'] += isset($_REQUEST['remember_username']) && $_REQUEST['remember_username'] == 'Yes' ? 31536000 : -300; setcookie($source->getAuthId() . '-username', $username, $params['expire'], $params['path'], $params['domain'], $params['secure'], $params['httponly']); } $errorCode = sspmod_core_Auth_UserPassOrgBase::handleLogin($authStateId, $username, $password, $organization); } } $globalConfig = SimpleSAML_Configuration::getInstance(); $t = new SimpleSAML_XHTML_Template($globalConfig, 'core:loginuserpass.php'); $t->data['stateparams'] = array('AuthState' => $authStateId); $t->data['username'] = $username; $t->data['forceUsername'] = FALSE; $t->data['rememberUsernameEnabled'] = $source->getRememberUsernameEnabled(); $t->data['rememberUsernameChecked'] = $source->getRememberUsernameChecked();
/** * This function logs the user out by deleting the session information from memcache. */ private function doLogout() { $cookieName = $this->getCookieName(); /* Check if we have a valid cookie. */ if (!array_key_exists($cookieName, $_COOKIE)) { return; } $sessionID = $_COOKIE[$cookieName]; /* Delete the session from memcache. */ $memcache = $this->getMemcache(); $memcache->delete($sessionID); /* Delete the session cookie. */ $sessionHandler = SimpleSAML_SessionHandler::getSessionHandler(); $sessionHandler->setCookie($cookieName, NULL); }
/** * Check whether the session cookie is set. * * This function will only return FALSE if is is certain that the cookie isn't set. * * @return bool TRUE if it was set, FALSE if not. */ public function hasSessionCookie() { $sh = SimpleSAML_SessionHandler::getSessionHandler(); return $sh->hasSessionCookie(); }
/** * Get the cookie parameters that should be used for session cookies. * * This function contains some adjustments from the default to provide backwards-compatibility. * * @return array * @link http://www.php.net/manual/en/function.session-get-cookie-params.php */ public function getCookieParams() { $config = SimpleSAML_Configuration::getInstance(); $ret = parent::getCookieParams(); if ($config->hasValue('session.phpsession.limitedpath') && $config->hasValue('session.cookie.path')) { throw new SimpleSAML_Error_Exception('You cannot set both the session.phpsession.limitedpath and session.cookie.path options.'); } elseif ($config->hasValue('session.phpsession.limitedpath')) { $ret['path'] = $config->getBoolean('session.phpsession.limitedpath', FALSE) ? '/' . $config->getBaseURL() : '/'; } $ret['httponly'] = $config->getBoolean('session.phpsession.httponly', FALSE); return $ret; }
/** * Log out of the given sessions. * * @param string $authId The authsource ID. * @param array $nameId The NameID of the user. * @param array $sessionIndexes The SessionIndexes we should log out of. Logs out of all if this is empty. * @returns int|FALSE Number of sessions logged out, or FALSE if not supported. */ public static function logoutSessions($authId, array $nameId, array $sessionIndexes) { assert('is_string($authId)'); $store = SimpleSAML_Store::getInstance(); if ($store === FALSE) { /* We don't have a datastore. */ return FALSE; } /* Normalize NameID. */ ksort($nameId); $strNameId = serialize($nameId); $strNameId = sha1($strNameId); /* Normalize SessionIndexes. */ foreach ($sessionIndexes as &$sessionIndex) { assert('is_string($sessionIndex)'); if (strlen($sessionIndex) > 50) { $sessionIndex = sha1($sessionIndex); } } unset($sessionIndex); // Remove reference if ($store instanceof SimpleSAML_Store_SQL) { $sessions = self::getSessionsSQL($store, $authId, $strNameId); } elseif (empty($sessionIndexes)) { /* We cannot fetch all sessions without a SQL store. */ return FALSE; } else { $sessions = self::getSessionsStore($store, $authId, $strNameId, $sessionIndexes); } if (empty($sessionIndexes)) { $sessionIndexes = array_keys($sessions); } $sessionHandler = SimpleSAML_SessionHandler::getSessionHandler(); $numLoggedOut = 0; foreach ($sessionIndexes as $sessionIndex) { if (!isset($sessions[$sessionIndex])) { SimpleSAML_Logger::info('saml.LogoutStore: Logout requested for unknown SessionIndex.'); continue; } $sessionId = $sessions[$sessionIndex]; $session = SimpleSAML_Session::getSession($sessionId); if ($session === NULL) { SimpleSAML_Logger::info('saml.LogoutStore: Skipping logout of missing session.'); continue; } if (!$session->isValid($authId)) { SimpleSAML_Logger::info('saml.LogoutStore: Skipping logout of session because it isn\'t authenticated.'); continue; } SimpleSAML_Logger::info('saml.LogoutStore: Logging out of session with trackId [' . $session->getTrackId() . '].'); $session->doLogout($authId); $numLoggedOut += 1; } return $numLoggedOut; }
/** * Initialize the session handler. * * This function creates an instance of the session handler which is * selected in the 'session.handler' configuration directive. If no * session handler is selected, then we will fall back to the default * PHP session handler. */ private static function createSessionHandler() { $store = SimpleSAML_Store::getInstance(); if ($store === false) { self::$sessionHandler = new SimpleSAML_SessionHandlerPHP(); } else { /** @var SimpleSAML_Store $store At this point, $store can only be an object */ self::$sessionHandler = new SimpleSAML_SessionHandlerStore($store); } }
/** * Initialize the session handler. * * This function creates an instance of the session handler which is * selected in the 'session.handler' configuration directive. If no * session handler is selected, then we will fall back to the default * PHP session handler. */ private static function createSessionHandler() { /* Get the configuration. */ $config = SimpleSAML_Configuration::getInstance(); assert($config instanceof SimpleSAML_Configuration); /* Get the session handler option from the configuration. */ $handler = $config->getString('session.handler', 'phpsession'); $handler = strtolower($handler); switch ($handler) { case 'phpsession': $sh = new SimpleSAML_SessionHandlerPHP(); break; case 'memcache': $sh = new SimpleSAML_SessionHandlerMemcache(); break; default: throw new SimpleSAML_Error_Exception('Invalid session handler specified in the \'session.handler\'-option.'); } /* Set the session handler. */ self::$sessionHandler = $sh; }
/** * Save the session to the session handler. * * This function will check the dirty-flag to check if the session has changed. */ public function saveSession() { if (!$this->dirty) { /* Session hasn't changed - don't bother saving it. */ return; } $this->dirty = FALSE; $sessionData = serialize($this); $sh = SimpleSAML_SessionHandler::getSessionHandler(); $sh->set('SimpleSAMLphp_SESSION', $sessionData); }
public static function createSessionHandler() { global $SIMPLESAML_INCPREFIX; /* Get the configuration. */ $config = SimpleSAML_Configuration::getInstance(); assert($config instanceof SimpleSAML_Configuration); /* Get the session handler option from the configuration. */ $handler = $config->getValue('session.handler', 'phpsession'); assert('is_string($handler)'); $handler = strtolower($handler); if ($handler === 'phpsession') { $sh = new SimpleSAML_SessionHandlerPHP(); } else { if ($handler === 'memcache') { $sh = new SimpleSAML_SessionHandlerMemcache(); } else { $e = 'Invalid value for the \'session.handler\'' . ' configuration option. Unknown session' . ' handler: ' . $handler; error_log($e); die($e); } } /* Set the session handler. */ self::$sessionHandler = $sh; }