This file defines a base class for session handling.
Instantiation of session handler objects should be done through
the class method getSessionHandler().
public function process(&$state)
{
assert('is_array($state)');
if (empty($state['Expire']) || empty($state['Authority'])) {
return;
}
$now = time();
$delta = $state['Expire'] - $now;
$globalConfig = SimpleSAML_Configuration::getInstance();
$sessionDuration = $globalConfig->getInteger('session.duration', 8 * 60 * 60);
/* Extend only if half of session duration already passed */
if ($delta >= $sessionDuration * 0.5) {
return;
}
/* Update authority expire time */
$session = SimpleSAML_Session::getSessionFromRequest();
$session->setAuthorityExpire($state['Authority']);
/* Update session cookies duration */
/* If remember me is active */
$rememberMeExpire = $session->getRememberMeExpire();
if (!empty($state['RememberMe']) && $rememberMeExpire !== NULL && $globalConfig->getBoolean('session.rememberme.enable', FALSE)) {
$session->setRememberMeExpire();
return;
}
/* Or if session lifetime is more than zero */
$sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();
$cookieParams = $sessionHandler->getCookieParams();
if ($cookieParams['lifetime'] > 0) {
$session->updateSessionCookies();
}
}
/**
* This constructor initializes the session id based on what we receive in a cookie. We create a new session id and
* set a cookie with this id if we don't have a session id.
*/
protected function __construct()
{
// call the constructor in the base class in case it should become necessary in the future
parent::__construct();
$config = SimpleSAML_Configuration::getInstance();
$this->cookie_name = $config->getString('session.cookie.name', 'SimpleSAMLSessionID');
}
protected function __construct()
{
/* Call the parent constructor in case it should become
* necessary in the future.
*/
parent::__construct();
/* Initialize the php session handling.
*
* If session_id() returns a blank string, then we need
* to call session start. Otherwise the session is already
* started, and we should avoid calling session_start().
*/
if (session_id() === '') {
$config = SimpleSAML_Configuration::getInstance();
$cookiepath = $config->getBoolean('session.phpsession.limitedpath', FALSE) ? '/' . $config->getBaseURL() : '/';
session_set_cookie_params(0, $cookiepath, NULL, SimpleSAML_Utilities::isHTTPS());
$cookiename = $config->getString('session.phpsession.cookiename', NULL);
if (!empty($cookiename)) {
session_name($cookiename);
}
$savepath = $config->getString('session.phpsession.savepath', NULL);
if (!empty($savepath)) {
session_save_path($savepath);
}
if (!array_key_exists(session_name(), $_COOKIE)) {
/* Session cookie unset - session id not set. Generate new (secure) session id. */
session_id(SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(16)));
}
session_start();
}
}
/**
* Initialize the session handler.
*
* This function creates an instance of the session handler which is
* selected in the 'session.handler' configuration directive. If no
* session handler is selected, then we will fall back to the default
* PHP session handler.
*/
private static function createSessionHandler()
{
$store = SimpleSAML_Store::getInstance();
if ($store === FALSE) {
self::$sessionHandler = new SimpleSAML_SessionHandlerPHP();
} else {
self::$sessionHandler = new SimpleSAML_SessionHandlerStore($store);
}
}
protected function __construct()
{
/* Call the constructor in the base class in case it should
* become necessary in the future.
*/
parent::__construct();
/* Attempt to retrieve the session id from the cookie. */
if (array_key_exists('SimpleSAMLSessionID', $_COOKIE)) {
$this->session_id = $_COOKIE['SimpleSAMLSessionID'];
}
/* Check if we have a valid session id. */
if (self::isValidSessionID($this->session_id)) {
/* We are done now if it was valid. */
return;
}
/* We don't have a valid session. Create a new session id. */
$this->session_id = self::createSessionID();
setcookie('SimpleSAMLSessionID', $this->session_id, 0, '/', NULL, self::secureCookie());
}
protected function __construct()
{
/* Call the constructor in the base class in case it should
* become necessary in the future.
*/
parent::__construct();
/* Attempt to retrieve the session id from the cookie. */
if (array_key_exists('SimpleSAMLSessionID', $_COOKIE)) {
$this->session_id = $_COOKIE['SimpleSAMLSessionID'];
}
/* We need to create a new session. */
if (headers_sent()) {
throw new SimpleSAML_Error_Exception('Cannot create new session - headers already sent.');
}
/* Check if we have a valid session id. */
if (self::isValidSessionID($this->session_id)) {
/* We are done now if it was valid. */
return;
}
/* We don't have a valid session. Create a new session id. */
$this->session_id = self::createSessionID();
$this->setCookie('SimpleSAMLSessionID', $this->session_id);
}
$password = $_REQUEST['password'];
} else {
$password = '';
}
if (array_key_exists('organization', $_REQUEST)) {
$organization = $_REQUEST['organization'];
} elseif (isset($state['core:organization'])) {
$organization = (string) $state['core:organization'];
} else {
$organization = '';
}
$errorCode = NULL;
if ($organizations === NULL || !empty($organization)) {
if (!empty($username) && !empty($password)) {
if ($source->getRememberUsernameEnabled()) {
$sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();
$params = $sessionHandler->getCookieParams();
$params['expire'] = time();
$params['expire'] += isset($_REQUEST['remember_username']) && $_REQUEST['remember_username'] == 'Yes' ? 31536000 : -300;
setcookie($source->getAuthId() . '-username', $username, $params['expire'], $params['path'], $params['domain'], $params['secure'], $params['httponly']);
}
$errorCode = sspmod_core_Auth_UserPassOrgBase::handleLogin($authStateId, $username, $password, $organization);
}
}
$globalConfig = SimpleSAML_Configuration::getInstance();
$t = new SimpleSAML_XHTML_Template($globalConfig, 'core:loginuserpass.php');
$t->data['stateparams'] = array('AuthState' => $authStateId);
$t->data['username'] = $username;
$t->data['forceUsername'] = FALSE;
$t->data['rememberUsernameEnabled'] = $source->getRememberUsernameEnabled();
$t->data['rememberUsernameChecked'] = $source->getRememberUsernameChecked();
/**
* This function logs the user out by deleting the session information from memcache.
*/
private function doLogout()
{
$cookieName = $this->getCookieName();
/* Check if we have a valid cookie. */
if (!array_key_exists($cookieName, $_COOKIE)) {
return;
}
$sessionID = $_COOKIE[$cookieName];
/* Delete the session from memcache. */
$memcache = $this->getMemcache();
$memcache->delete($sessionID);
/* Delete the session cookie. */
$sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();
$sessionHandler->setCookie($cookieName, NULL);
}
/**
* Check whether the session cookie is set.
*
* This function will only return FALSE if is is certain that the cookie isn't set.
*
* @return bool TRUE if it was set, FALSE if not.
*/
public function hasSessionCookie()
{
$sh = SimpleSAML_SessionHandler::getSessionHandler();
return $sh->hasSessionCookie();
}
/**
* Get the cookie parameters that should be used for session cookies.
*
* This function contains some adjustments from the default to provide backwards-compatibility.
*
* @return array
* @link http://www.php.net/manual/en/function.session-get-cookie-params.php
*/
public function getCookieParams()
{
$config = SimpleSAML_Configuration::getInstance();
$ret = parent::getCookieParams();
if ($config->hasValue('session.phpsession.limitedpath') && $config->hasValue('session.cookie.path')) {
throw new SimpleSAML_Error_Exception('You cannot set both the session.phpsession.limitedpath and session.cookie.path options.');
} elseif ($config->hasValue('session.phpsession.limitedpath')) {
$ret['path'] = $config->getBoolean('session.phpsession.limitedpath', FALSE) ? '/' . $config->getBaseURL() : '/';
}
$ret['httponly'] = $config->getBoolean('session.phpsession.httponly', FALSE);
return $ret;
}
/**
* Log out of the given sessions.
*
* @param string $authId The authsource ID.
* @param array $nameId The NameID of the user.
* @param array $sessionIndexes The SessionIndexes we should log out of. Logs out of all if this is empty.
* @returns int|FALSE Number of sessions logged out, or FALSE if not supported.
*/
public static function logoutSessions($authId, array $nameId, array $sessionIndexes)
{
assert('is_string($authId)');
$store = SimpleSAML_Store::getInstance();
if ($store === FALSE) {
/* We don't have a datastore. */
return FALSE;
}
/* Normalize NameID. */
ksort($nameId);
$strNameId = serialize($nameId);
$strNameId = sha1($strNameId);
/* Normalize SessionIndexes. */
foreach ($sessionIndexes as &$sessionIndex) {
assert('is_string($sessionIndex)');
if (strlen($sessionIndex) > 50) {
$sessionIndex = sha1($sessionIndex);
}
}
unset($sessionIndex);
// Remove reference
if ($store instanceof SimpleSAML_Store_SQL) {
$sessions = self::getSessionsSQL($store, $authId, $strNameId);
} elseif (empty($sessionIndexes)) {
/* We cannot fetch all sessions without a SQL store. */
return FALSE;
} else {
$sessions = self::getSessionsStore($store, $authId, $strNameId, $sessionIndexes);
}
if (empty($sessionIndexes)) {
$sessionIndexes = array_keys($sessions);
}
$sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();
$numLoggedOut = 0;
foreach ($sessionIndexes as $sessionIndex) {
if (!isset($sessions[$sessionIndex])) {
SimpleSAML_Logger::info('saml.LogoutStore: Logout requested for unknown SessionIndex.');
continue;
}
$sessionId = $sessions[$sessionIndex];
$session = SimpleSAML_Session::getSession($sessionId);
if ($session === NULL) {
SimpleSAML_Logger::info('saml.LogoutStore: Skipping logout of missing session.');
continue;
}
if (!$session->isValid($authId)) {
SimpleSAML_Logger::info('saml.LogoutStore: Skipping logout of session because it isn\'t authenticated.');
continue;
}
SimpleSAML_Logger::info('saml.LogoutStore: Logging out of session with trackId [' . $session->getTrackId() . '].');
$session->doLogout($authId);
$numLoggedOut += 1;
}
return $numLoggedOut;
}
/**
* Initialize the session handler.
*
* This function creates an instance of the session handler which is
* selected in the 'session.handler' configuration directive. If no
* session handler is selected, then we will fall back to the default
* PHP session handler.
*/
private static function createSessionHandler()
{
$store = SimpleSAML_Store::getInstance();
if ($store === false) {
self::$sessionHandler = new SimpleSAML_SessionHandlerPHP();
} else {
/** @var SimpleSAML_Store $store At this point, $store can only be an object */
self::$sessionHandler = new SimpleSAML_SessionHandlerStore($store);
}
}
/**
* Initialize the session handler.
*
* This function creates an instance of the session handler which is
* selected in the 'session.handler' configuration directive. If no
* session handler is selected, then we will fall back to the default
* PHP session handler.
*/
private static function createSessionHandler()
{
/* Get the configuration. */
$config = SimpleSAML_Configuration::getInstance();
assert($config instanceof SimpleSAML_Configuration);
/* Get the session handler option from the configuration. */
$handler = $config->getString('session.handler', 'phpsession');
$handler = strtolower($handler);
switch ($handler) {
case 'phpsession':
$sh = new SimpleSAML_SessionHandlerPHP();
break;
case 'memcache':
$sh = new SimpleSAML_SessionHandlerMemcache();
break;
default:
throw new SimpleSAML_Error_Exception('Invalid session handler specified in the \'session.handler\'-option.');
}
/* Set the session handler. */
self::$sessionHandler = $sh;
}
/**
* Save the session to the session handler.
*
* This function will check the dirty-flag to check if the session has changed.
*/
public function saveSession()
{
if (!$this->dirty) {
/* Session hasn't changed - don't bother saving it. */
return;
}
$this->dirty = FALSE;
$sessionData = serialize($this);
$sh = SimpleSAML_SessionHandler::getSessionHandler();
$sh->set('SimpleSAMLphp_SESSION', $sessionData);
}
public static function createSessionHandler()
{
global $SIMPLESAML_INCPREFIX;
/* Get the configuration. */
$config = SimpleSAML_Configuration::getInstance();
assert($config instanceof SimpleSAML_Configuration);
/* Get the session handler option from the configuration. */
$handler = $config->getValue('session.handler', 'phpsession');
assert('is_string($handler)');
$handler = strtolower($handler);
if ($handler === 'phpsession') {
$sh = new SimpleSAML_SessionHandlerPHP();
} else {
if ($handler === 'memcache') {
$sh = new SimpleSAML_SessionHandlerMemcache();
} else {
$e = 'Invalid value for the \'session.handler\'' . ' configuration option. Unknown session' . ' handler: ' . $handler;
error_log($e);
die($e);
}
}
/* Set the session handler. */
self::$sessionHandler = $sh;
}
