* remove all session_start()

* execute session_start() in lassospkit_utils_session if $use_session == 1 * in endpoints/saml2 if an exception occur use it as the error message and return to the error relaystate * in autopersistent use the userID as a key if nothing else * add a timeout for lasso own session of 1 hour
0001-01-01 00:00:00 +00:00 · 0001-01-01 00:00:00 +00:00 · b8f8189c2b
parent f9dccf39fb
commit b8f8189c2b
5 changed files with 48 additions and 20 deletions
--- a/endpoints/liberty.php
+++ b/endpoints/liberty.php
@ -4,7 +4,6 @@ require_once("../include/lassospkit_dispatcher.inc.php");
 require_once("../include/lassospkit_metadata.inc.php");
 require_once("../include/lassospkit_utils.inc.php");

-session_start()
 dispatch(array('/login' => login,
               '/federate' => federate,
               '/ssoAssertionConsumer' => ssoAssertionConsumer,
--- a/endpoints/saml2.php
+++ b/endpoints/saml2.php
@ -8,8 +8,6 @@ require_once("../include/lassospkit_utils_session.inc.php");
 require_once("../include/lassospkit_dummysession.inc.php");
 require_once("../include/lassospkit_autopersistentsession.inc.php");

-session_start();
-
 function verifyReferer() {
    if (isset($_SERVER['HTTP_REFERER'])) {
        $host = $_SERVER['HTTP_REFERER'];
@ -41,8 +39,9 @@ dispatch(array('/login' => 'login',
               '/nidManagementResponse' => 'nidManagementResponse',
               '/metadata' => 'metadata'));
 } catch (Exception $e) {
-    lassospkit_showCode($e);
-    lassospkit_showCode(var_export($_SESSION,1));
+    $session = getSession();
+    LassoSPKitUtilsSession::setLastError($e->__toString());
+    $session->doRedirect(LassoSPKitUtilsSession::getRelayState('error'));
 }
 // TODO fill implementation
 function finishRequest($method, $profileStr, $session, $ret) {
@ -70,8 +69,6 @@ function getSession() {
    $session_class = "LassoSPKit" . LassoSPKitConfig::get('session');
    return new $session_class();
 }
-function detectMethodAssertionConsumer() {
-}
 function login() {
    verifyReferer();
    $saml2 = new LassoSPKitSAML2(new LassoSPKitDummySession());
--- a/exemples/index.php
+++ b/exemples/index.php
@ -1,6 +1,4 @@
 <?php
-session_start();
-
 require_once('spkitlasso/include/lassospkit_public_api.inc.php');
 require_once('spkitlasso/include/lassospkit_debug.inc.php');
 require_once('spkitlasso/include/lassospkit_utils.inc.php');
@ -35,6 +33,7 @@ if ($federation) {
    lassospkit_set_federation($federation);
 }
 ?>
+<li><? echo lassospkit_showCode(var_export($_COOKIE, 1)); ?></li>
 <li>NameId: <? echo lassospkit_showCode(var_export($nameid,1)) ?></li>
 <li>UserId: <? echo lassospkit_showCode($userid) ?></li>
 <li>Error: <? echo lassospkit_showCode($error) ?></li>
--- a/include/lassospkit_autopersistentsession.inc.php
+++ b/include/lassospkit_autopersistentsession.inc.php
@ -19,6 +19,12 @@ class LassoSPKitAutoPersistentSession extends LassoSPKitDummySession {
        lassospkit_debuglog("looking for session for $nameID");
        if (! $nameID) {
            $nameID = array_pop(LassoSPKitUtilsSession::getNameID());
+            if (! $nameID) {
+                $userID = LassoSPKitUtilsSession::getUserID();
+                if ($userID) {
+                    $nameID = md5($userID);
+                }
+            }
        }
        $federation = $this->storage->get($nameID);
        if ($federation == null) {
@ -36,6 +42,10 @@ class LassoSPKitAutoPersistentSession extends LassoSPKitDummySession {
            foreach ($nameIDs as $otherID) {
                $this->storage->alias($firstID, $otherID);
            }
+            $userID = LassoSPKitUtilsSession::getUserID();
+            if ($userID) {
+                $this->storage->alias(md5($userID));
+            }
        }
        parent::saveFederation();
    }
@ -47,4 +57,7 @@ class LassoSPKitAutoPersistentSession extends LassoSPKitDummySession {
        }
        parent::saveFederation();
    }
+    function logout() {
+        LassoSPKitUtilsSession::logout();
+    }
 }
--- a/include/lassospkit_utils_session.inc.php
+++ b/include/lassospkit_utils_session.inc.php
@ -13,6 +13,9 @@ require_once("lassospkit_datadir.inc.php");

 */
 LassoSPKitUtilsSession::$cookiename = LassoSPKitConfig::get('cookiename');
+if (LassoSPKitUtilsSession::$use_session) {
+    session_start();
+}
 class LassoSPKitUtilsSession {
    private static $key = "__LassoSPKitSessionObject";
    public static $cookiename;
@ -52,7 +55,8 @@ class LassoSPKitUtilsSession {
            'federateParams'=>0,
            'sloParams'=>0,
            'defederationParams'=>0);
-    private static $use_session = 0;
+    public static $use_session = 0;
+    static private $timeout = 3600;
    private $id = null;

    private function __construct() {
@ -73,12 +77,17 @@ class LassoSPKitUtilsSession {
                    if (! file_exists($filepath)) {
                        lassospkit_debuglog("$filepath does not exist but cookie exists.");
                    }
-                    $content = @file_get_contents($filepath);
-                    if ($content === FALSE) {
-                        lassospkit_debuglog("cannot read $filepath");
+                    if (time()-filemtime($filepath) < self::$timeout) {
+                        $content = @file_get_contents($filepath);
+                        if ($content === FALSE) {
+                            lassospkit_debuglog("cannot read $filepath");
+                        }
+                    } else {
+                        $this->delete();
                    }
                }
-            } else {
+            }
+            if (! $content) {
                $this->id = md5("lasso" . rand());
                setcookie(self::$cookiename, $this->id);
            }
@ -90,7 +99,7 @@ class LassoSPKitUtilsSession {
            } else {
                // Malformed session object, reset
                $this->vars = array();
-                self::clear();
+                $this->delete();
            }
        } else {
            $this->vars = array();
@ -106,9 +115,11 @@ class LassoSPKitUtilsSession {
        if (self::$use_session) {
            $_SESSION[self::$key] = $content;     
        } else {
-            $ret = @file_put_contents(lassospkit_datadir() . "/cookie_session_" . $this->id, $content);
-            if ($ret === FALSE) {
-                lassospkit_debuglog("cannot write into " . lassospkit_datadir() . "/cookie_session_" . $this->id);
+            if ($this->id) {
+                $ret = @file_put_contents(lassospkit_datadir() . "/cookie_session_" . $this->id, $content);
+                if ($ret === FALSE) {
+                    lassospkit_debuglog("cannot write into " . lassospkit_datadir() . "/cookie_session_" . $this->id);
+                }
            }
        }
    }
@ -160,10 +171,19 @@ class LassoSPKitUtilsSession {
    
    /* Helper static functions */

+    function delete() {
+        $filepath = lassospkit_datadir() . "/cookie_session_" . $this->id;
+        @unlink($filepath);
+    }
    /** Clear the session object of all communication
     from the LassoSPKit. */
-    static function clear() {
-        unset($_SESSION[self::$key]);
+    function clear() {
+        $this->id = null;
+        $this->delete();
+    }
+    static function logout() {
+        $athis = self::getSingleton();
+        $athis->clear();
    }
    /** Set the NameID to transmit. */
    static function setNameID($NameID) {