Session: Don't attempt to fetch new sessions from session handlers.

Thanks to Synacor, Inc. for providing this patch!

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3025 44740490-163a-0410-bde0-09ae8108e29a

lib/SimpleSAML/Session.php

@@ -956,6 +956,15 @@ class SimpleSAML_Session {
 		return $ret;
 	}
 
+	/**
+	 * Create a new session and cache it.
+	 *
+	 * @param string $sessionId  The new session we should create.
+	 */
+	public static function createSession($sessionId) {
+		assert('is_string($sessionId)');
+		self::$sessions[$sessionId] = NULL;
+	}
 
 	/**
 	 * Load a session from the session handler.
@@ -975,7 +984,7 @@ class SimpleSAML_Session {
 			$checkToken = FALSE;
 		}
 
-		if (isset(self::$sessions[$sessionId])) {
+		if (array_key_exists($sessionId, self::$sessions)) {
 			return self::$sessions[$sessionId];
 		}
 

lib/SimpleSAML/SessionHandlerCookie.php

@@ -55,6 +55,7 @@ extends SimpleSAML_SessionHandler {
 			if(!self::isValidSessionID($this->session_id)) {
 				/* We don't have a valid session. Create a new session id. */
 				$this->session_id = self::createSessionID();
+				SimpleSAML_Session::createSession($this->session_id);
 				$this->setCookie($this->cookie_name, $this->session_id);
 			}
 		}

lib/SimpleSAML/SessionHandlerPHP.php

@@ -73,7 +73,9 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler {
 				}
 
 				/* Session cookie unset - session id not set. Generate new (secure) session id. */
-				session_id(SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(16)));
+				$sessionId = SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(16));
+				SimpleSAML_Session::createSession($sessionId);
+				session_id($sessionId);
 			}
 			
 			session_start();