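/**
 * Log the current user out.
 *
 * With $destroy === true the whole session is invalidated. Otherwise only the
 * login keys (USER_ID, USER_NAME, USER_GROUPS) are removed, the remaining
 * session data is kept, and the session is moved to a new ID.
 *
 * @param boolean $destroy invalidate the entire session instead of only
 *                         dropping the login keys
 *
 * @return boolean the negation of isLogin() after the session was changed
 */
public function logout($destroy = false)
{
    if ($destroy === true) {
        $this->session->invalidate();
    } else {
        $this->session->remove(self::USER_ID);
        $this->session->remove(self::USER_NAME);
        $this->session->remove(self::USER_GROUPS);

        // Ask for the old session record to be destroyed. A plain migrate()
        // only issues a new ID; the record stored under the pre-logout ID
        // can still contain the login keys as last saved and would stay
        // usable until it is garbage collected.
        // NOTE(review): assumes migrate() takes a $destroy flag as its first
        // argument - confirm against the session class used here.
        $this->session->migrate(true);
    }

    return !$this->isLogin();
}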
/**
 * Migrate the session to a new ID and re-issue the 'chestnut_session' cookie.
 *
 * The parent implementation always receives a null lifetime; $lifetime is
 * only used for the cookie written here. The result of parent::migrate() is
 * discarded, so this override returns nothing.
 *
 * NOTE(review): the cookie attributes (HttpOnly, Secure, SameSite) are decided
 * by the cookie() helper, which is not visible here - confirm they are set.
 *
 * @param boolean $destroy  passed through to parent::migrate()
 * @param int     $lifetime lifetime handed to cookie() (default 86400)
 *
 * @return void
 */
public function migrate($destroy = false, $lifetime = 86400)
{
    parent::migrate($destroy, null);

    // Read the ID only after the parent has migrated the session.
    $freshId = $this->getId();

    // Drop the cookie that carried the previous ID, then write the new one.
    cookie_remove('chestnut_session');
    cookie('chestnut_session', $freshId, $lifetime);
}
/**
 * Regenerates the session ID.
 *
 * A WP_Session container is asked to regenerate_id(); any other container
 * is asked to migrate().
 *
 * NOTE(review): both calls are made without arguments, so whether the data
 * stored under the old ID is removed depends on each container's default -
 * confirm.
 *
 * @return void
 */
public function regenerateId()
{
    if (!($this->container instanceof WP_Session)) {
        $this->container->migrate();

        return;
    }

    $this->container->regenerate_id();
}
/**
 * Mark the given user as logged in, both in the session and on this object.
 *
 * NOTE(review): session-ID regeneration is opt-in here ($regenerate defaults
 * to false). Callers that handle a real login should pass true, otherwise an
 * ID that was known before authentication keeps working afterwards.
 *
 * @param int     $user_id    id stored under the 'user_id' session key
 * @param boolean $regenerate migrate the session to a new ID first, as a
 *                            defence against session fixation
 *
 * @return void
 */
protected function setUserLoggedIn($user_id, $regenerate = false)
{
    $session = $this->session;

    // Change the ID before any login state is written to the session.
    if ($regenerate) {
        $session->migrate();
    }

    $session->set('user_id', $user_id);
    $session->set('user_logged_in', 1);

    // Mirror the login state on the object itself.
    $this->user_id = $user_id;
    $this->user_is_logged_in = true;
}
/**
 * Homepage action: makes sure a started session exists, moves it to a new
 * session ID, clears the 'originalSessionID' key and renders the index page.
 *
 * @Route("/", name="homepage")
 */
public function indexAction(Request $request)
{
    $session = $request->getSession();

    if (null == $session) {
        // NOTE(review): this Session object is not attached to $request
        // anywhere in this method - confirm it is the one later code uses.
        $session = new Session();
    }

    if (!$session->isStarted()) {
        $session->start();
    }

    // migrate() runs on every request to this route, for sessions that
    // already existed as well as for the one started just above.
    $session->migrate();

    if ($session->has('originalSessionID')) {
        $session->remove('originalSessionID');
    }

    return $this->render('default/index.html.twig');
}
/**
 * Apply the configured session strategy.
 *
 * A session that is not started yet is only started, and the result of
 * start() is returned; the strategy itself is applied solely to a session
 * that was already running.
 *
 * @return mixed result of start() for a session that was not started,
 *               nothing otherwise
 *
 * @throws \RuntimeException when the configured strategy is neither
 *                           STRATEGY_MIGRATE nor STRATEGY_INVALIDATES
 */
protected function applySessionStrategy()
{
    if (!$this->session->isStarted()) {
        return $this->session->start();
    }

    $strategy = $this->strategy;

    // Loose comparison on purpose: it is what a switch statement would do.
    if ($strategy == self::STRATEGY_MIGRATE) {
        $this->session->migrate();

        return;
    }

    if ($strategy == self::STRATEGY_INVALIDATES) {
        $this->session->invalidate();

        return;
    }

    throw new \RuntimeException('Session strategy should be "migrate" or "invalidate"');
}
/**
 * Drive the SAML login for a request that has no security token yet.
 *
 * Flow, as implemented below:
 *  1. a token is already stored      -> nothing to do;
 *  2. no SAML authentication started -> send an AuthnRequest and stop;
 *  3. otherwise process the SAML response, compare its InResponseTo with the
 *     request ID kept by the state handler, authenticate the assertion,
 *     store the resulting token, migrate the session and redirect.
 *
 * @param GetResponseEvent $event
 *
 * @throws AuthenticationException when the response cannot be processed or
 *                                 its InResponseTo does not match
 */
private function handleEvent(GetResponseEvent $event)
{
    // A token is already present: leave the request alone.
    if ($this->tokenStorage->getToken()) {
        return;
    }

    if (!$this->samlInteractionProvider->isSamlAuthenticationInitiated()) {
        $this->sendAuthnRequest($event);

        return;
    }

    // Read the expected request ID before the response is processed.
    $expectedInResponseTo = $this->stateHandler->getRequestId();
    $logger = $this->logger;

    try {
        $assertion = $this->samlInteractionProvider->processSamlResponse($event->getRequest());
    } catch (PreconditionNotMetException $e) {
        // Unmet precondition: answered with a dedicated response, no throw.
        $logger->notice(sprintf('SAML response precondition not met: "%s"', $e->getMessage()));
        $this->setPreconditionExceptionResponse($e, $event);

        return;
    } catch (Exception $e) {
        // NOTE(review): the exception text is written to the log - confirm
        // it cannot contain assertion contents or other sensitive data.
        $logger->error(sprintf('Failed SAMLResponse Parsing: "%s"', $e->getMessage()));

        throw new AuthenticationException('Failed SAMLResponse parsing', 0, $e);
    }

    // Reject a response whose InResponseTo is not the ID this handler
    // recorded, i.e. a response that does not answer our own request.
    if (!InResponseTo::assertEquals($assertion, $expectedInResponseTo)) {
        $logger->error('Unknown or unexpected InResponseTo in SAMLResponse');

        throw new AuthenticationException('Unknown or unexpected InResponseTo in SAMLResponse');
    }

    $logger->notice('Successfully processed SAMLResponse, attempting to authenticate');

    $token = new SamlToken();
    $token->assertion = $assertion;

    try {
        $authToken = $this->authenticationManager->authenticate($token);
    } catch (AuthenticationException $failed) {
        $logger->error(sprintf('Authentication Failed, reason: "%s"', $failed->getMessage()));
        $this->setAuthenticationFailedResponse($event);

        return;
    }

    $this->tokenStorage->setToken($authToken);

    // Move the session to a new ID once the token is stored, so an ID that
    // was known before authentication does not carry the authenticated state
    // (session fixation).
    // NOTE(review): migrate() is called without arguments; whether the data
    // under the old ID is destroyed depends on the session's default - confirm.
    $this->session->migrate();

    // NOTE(review): the redirect target comes from the state handler;
    // presumably it was recorded server-side when the AuthnRequest was sent -
    // confirm it cannot be influenced by the response.
    $event->setResponse(new RedirectResponse($this->stateHandler->getCurrentRequestUri()));

    $logger->notice('Authentication succeeded, redirecting to original location');
}
/**
 * Regenerate the session ID by delegating to the wrapped session's migrate().
 *
 * NOTE(review): migrate() is called without arguments, so whether the data
 * stored under the old ID is removed depends on the session's default -
 * confirm.
 *
 * @return void
 */
public function regenerateId()
{
    $session = $this->session;
    $session->migrate();
}
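/**
 * {@inheritDoc}
 *
 * This method also regenerates a session token and persists
 * session container services. Both extra steps are skipped when $destroy
 * is true.
 *
 * NOTE(review): like the original, this override does not return the result
 * of parent::migrate() - confirm whether callers expect one.
 *
 * @param boolean  $destroy  forwarded to parent::migrate()
 * @param int|null $lifetime forwarded to parent::migrate()
 *
 * @see persistServices()
 * @see parent::migrate()
 */
public function migrate($destroy = false, $lifetime = null)
{
    // Read the ID before migrating so the previous value can be kept below.
    $lastSessionId = session_id();

    if (!$destroy) {
        $this->persistServices();
    }

    // Forward both arguments. Calling parent::migrate() bare ignored them,
    // so a caller asking for $destroy = true never had the old session
    // destroyed and a requested $lifetime was silently dropped.
    parent::migrate($destroy, $lifetime);

    if (!$destroy && !empty($lastSessionId)) {
        // regenerate token too
        $this->getToken(true);

        // keep old session id for reference
        // NOTE(review): confirm the stored value is never sent to the client
        // or accepted as a session identifier again.
        $this->set('lastSessionId', $lastSessionId);
    }
}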
/**
 * Regenerate the session by calling parent::migrate() with its first
 * argument set to true.
 *
 * @return mixed whatever parent::migrate() returns
 */
public function regenerate()
{
    $result = parent::migrate(true);

    return $result;
}