* remove all session_start()
* execute session_start() in lassospkit_utils_session if $use_session == 1 * in endpoints/saml2 if an exception occurs, use it as the error message and return to the error relaystate * in autopersistent use the userID as a key if nothing else * add a timeout of 1 hour for lasso's own session
parent
f9dccf39fb
commit
b8f8189c2b
@ -4,7 +4,6 @@ require_once("../include/lassospkit_dispatcher.inc.php");
require_once("../include/lassospkit_metadata.inc.php");
require_once("../include/lassospkit_utils.inc.php");
session_start()
dispatch(array('/login' => login,
'/federate' => federate,
'/ssoAssertionConsumer' => ssoAssertionConsumer,
@ -8,8 +8,6 @@ require_once("../include/lassospkit_utils_session.inc.php");
require_once("../include/lassospkit_dummysession.inc.php");
require_once("../include/lassospkit_autopersistentsession.inc.php");
session_start();
function verifyReferer() {
if (isset($_SERVER['HTTP_REFERER'])) {
$host = $_SERVER['HTTP_REFERER'];
@ -41,8 +39,9 @@ dispatch(array('/login' => 'login',
'/nidManagementResponse' => 'nidManagementResponse',
'/metadata' => 'metadata'));
} catch (Exception $e) {
lassospkit_showCode($e);
lassospkit_showCode(var_export($_SESSION,1));
$session = getSession();
LassoSPKitUtilsSession::setLastError($e->__toString());
$session->doRedirect(LassoSPKitUtilsSession::getRelayState('error'));
}
// TODO fill implementation
function finishRequest($method, $profileStr, $session, $ret) {
@ -70,8 +69,6 @@ function getSession() {
$session_class = "LassoSPKit" . LassoSPKitConfig::get('session');
return new $session_class();
}
function detectMethodAssertionConsumer() {
}
function login() {
verifyReferer();
$saml2 = new LassoSPKitSAML2(new LassoSPKitDummySession());
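Review bot: `LassoSPKitUtilsSession::setLastError($e->__toString());` in the catch block stores the full exception string, which in PHP carries the stack trace with file paths and call arguments, and the same value is later rendered at `<li>Error: <? echo lassospkit_showCode($error) ?></li>` in the demo-page hunk of this commit, so server internals reach the browser. Whether `lassospkit_showCode` HTML-escapes is not visible here; if it does not, any request-derived text embedded in the exception message would be reflected into the page unescaped. Store `LassoSPKitUtilsSession::setLastError($e->getMessage());` for the user-facing value and keep the trace in `lassospkit_debuglog($e->__toString());`, and escape at the point of output. `getRelayState('error')` presumably returns null when no error relay state was registered; what `doRedirect(null)` does is outside the hunk and worth a guard or a default target. The enclosing try block starts outside the hunk.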
@ -1,6 +1,4 @@
<?php
session_start();
require_once('spkitlasso/include/lassospkit_public_api.inc.php');
require_once('spkitlasso/include/lassospkit_debug.inc.php');
require_once('spkitlasso/include/lassospkit_utils.inc.php');
@ -35,6 +33,7 @@ if ($federation) {
lassospkit_set_federation($federation);
}
?>
<li><? echo lassospkit_showCode(var_export($_COOKIE, 1)); ?></li>
<li>NameId: <? echo lassospkit_showCode(var_export($nameid,1)) ?></li>
<li>UserId: <? echo lassospkit_showCode($userid) ?></li>
<li>Error: <? echo lassospkit_showCode($error) ?></li>
@ -19,6 +19,12 @@ class LassoSPKitAutoPersistentSession extends LassoSPKitDummySession {
lassospkit_debuglog("looking for session for $nameID");
if (! $nameID) {
$nameID = array_pop(LassoSPKitUtilsSession::getNameID());
if (! $nameID) {
$userID = LassoSPKitUtilsSession::getUserID();
if ($userID) {
$nameID = md5($userID);
}
}
}
$federation = $this->storage->get($nameID);
if ($federation == null) {
@ -36,6 +42,10 @@ class LassoSPKitAutoPersistentSession extends LassoSPKitDummySession {
foreach ($nameIDs as $otherID) {
$this->storage->alias($firstID, $otherID);
}
$userID = LassoSPKitUtilsSession::getUserID();
if ($userID) {
$this->storage->alias(md5($userID));
}
}
parent::saveFederation();
}
@ -47,4 +57,7 @@ class LassoSPKitAutoPersistentSession extends LassoSPKitDummySession {
}
parent::saveFederation();
}
function logout() {
LassoSPKitUtilsSession::logout();
}
}
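Review bot: `$this->storage->alias(md5($userID));` in the saveFederation hunk passes one argument, while `$this->storage->alias($firstID, $otherID);` two lines above passes two, so unless `alias()` has a one-argument form not visible here the user-id key is never linked to `$firstID`; the intended line is presumably `$this->storage->alias($firstID, md5($userID));`. The `md5($userID)` derivation now appears in both the lookup fallback and the save path; a small private helper such as `userKey($userID)` would keep the two in step. A comment on the fallback, e.g. `// storage key for a user without a NameID; md5 only normalises the key format, it is not a secret`, would stop readers from reading it as a protection. `$firstID` and the enclosing method start outside the hunk.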
@ -13,6 +13,9 @@ require_once("lassospkit_datadir.inc.php");
*/
LassoSPKitUtilsSession::$cookiename = LassoSPKitConfig::get('cookiename');
if (LassoSPKitUtilsSession::$use_session) {
session_start();
}
class LassoSPKitUtilsSession {
private static $key = "__LassoSPKitSessionObject";
public static $cookiename;
@ -52,7 +55,8 @@ class LassoSPKitUtilsSession {
'federateParams'=>0,
'sloParams'=>0,
'defederationParams'=>0);
private static $use_session = 0;
public static $use_session = 0;
static private $timeout = 3600;
private $id = null;
private function __construct() {
@ -73,12 +77,17 @@ class LassoSPKitUtilsSession {
if (! file_exists($filepath)) {
lassospkit_debuglog("$filepath does not exist but cookie exists.");
}
$content = @file_get_contents($filepath);
if ($content === FALSE) {
lassospkit_debuglog("cannot read $filepath");
if (time()-filemtime($filepath) < self::$timeout) {
$content = @file_get_contents($filepath);
if ($content === FALSE) {
lassospkit_debuglog("cannot read $filepath");
}
} else {
$this->delete();
}
}
} else {
}
if (! $content) {
$this->id = md5("lasso" . rand());
setcookie(self::$cookiename, $this->id);
}
@ -90,7 +99,7 @@ class LassoSPKitUtilsSession {
} else {
// Malformed session object, reset
$this->vars = array();
self::clear();
$this->delete();
}
} else {
$this->vars = array();
@ -106,9 +115,11 @@ class LassoSPKitUtilsSession {
if (self::$use_session) {
$_SESSION[self::$key] = $content;
} else {
$ret = @file_put_contents(lassospkit_datadir() . "/cookie_session_" . $this->id, $content);
if ($ret === FALSE) {
lassospkit_debuglog("cannot write into " . lassospkit_datadir() . "/cookie_session_" . $this->id);
if ($this->id) {
$ret = @file_put_contents(lassospkit_datadir() . "/cookie_session_" . $this->id, $content);
if ($ret === FALSE) {
lassospkit_debuglog("cannot write into " . lassospkit_datadir() . "/cookie_session_" . $this->id);
}
}
}
}
@ -160,10 +171,19 @@ class LassoSPKitUtilsSession {
/* Helper static functions */
function delete() {
$filepath = lassospkit_datadir() . "/cookie_session_" . $this->id;
@unlink($filepath);
}
/** Clear the session object of all communication
from the LassoSPKit. */
static function clear() {
unset($_SESSION[self::$key]);
function clear() {
$this->id = null;
$this->delete();
}
static function logout() {
$athis = self::getSingleton();
$athis->clear();
}
/** Set the NameID to transmit. */
static function setNameID($NameID) {
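Review bot: In the new instance `clear()` the id is nulled before `delete()` runs, so `delete()` builds `lassospkit_datadir() . "/cookie_session_"` with an empty id and the real session file survives `logout()`; reorder to `$this->delete(); $this->id = null;`. The replaced static `clear()` also dropped `unset($_SESSION[self::$key]);`, so when `$use_session` is on the object the save path writes to `$_SESSION` is never removed on logout; keep that `unset` inside `clear()` guarded by `self::$use_session`, and reset `$this->vars` there too. Since `delete()` is also called from the malformed-session branch in an earlier hunk, a `if ($this->id === null) { return; }` at its top would mirror the `if ($this->id)` guard the save path now has. In the timeout hunk, `$content` is assigned only on the not-expired branch, so the later `if (! $content)` reads an undefined variable when the file has expired or is missing; initialise `$content = false;` before the `filemtime` test and reuse the `file_exists` result computed just above, as `filemtime` on a missing file warns and returns false, which the subtraction treats as expired.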