From 3bc167f648c9a7e2c0bb533f03510acc3ce5de20 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Wed, 7 Jul 2010 08:22:37 +0000
Subject: [PATCH] Session: Add protection against session fixation attack.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2382 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Session.php | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index 410d764c3..ad4f27a6d 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -104,6 +104,16 @@ class SimpleSAML_Session {
 	private $associations = array();
 
 
+	/**
+	 * The authentication token.
+	 *
+	 * This token is used to prevent session fixation attacks.
+	 *
+	 * @var string|NULL
+	 */
+	private $authToken;
+
+
 	/**
 	 * private constructor restricts instantiaton to getInstance()
 	 */
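Review bot: The docblock on `$authToken` should say what a NULL value means, because the loader in the third hunk skips the cookie check entirely whenever the stored token is NULL. A reader of the property alone cannot tell whether NULL is an unauthenticated session or a session persisted before this field existed, and the two have different risk profiles. Something like `NULL until the session is authenticated; the session loader only enforces the SimpleSAMLAuthToken cookie when a token is set.` would make the deliberate bypass explicit at the declaration.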
@@ -360,6 +370,10 @@ class SimpleSAML_Session {
 		$this->authState = $authState;
 
 		$this->sessionstarted = time();
+
+		$this->authToken = SimpleSAML_Utilities::generateID();
+		$sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();
+		$sessionHandler->setCookie('SimpleSAMLAuthToken', $this->authToken);
 	}
 
 
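Review bot: The cookie name `'SimpleSAMLAuthToken'` is written here through `$sessionHandler->setCookie()` but read back in the third hunk directly from `$_COOKIE`, so the literal is duplicated and any name handling the handler applies on write is not mirrored on read; a class constant such as `const AUTH_TOKEN_COOKIE = 'SimpleSAMLAuthToken';` used in both places would keep them in step. Whether `setCookie()` applies the Secure and HttpOnly attributes is not visible from this hunk and depends on the handler; it is worth confirming, since the token is the only thing binding the authenticated session to this browser. A short why-comment here, e.g. `// Bind the authenticated session to this browser: a fixated session id without this cookie is rejected by the loader.`, would explain the otherwise opaque extra cookie. The enclosing method starts before this hunk.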
@@ -785,6 +799,17 @@ class SimpleSAML_Session {
 			return NULL;
 		}
 
+		if ($sessionData->authToken !== NULL) {
+			if (!isset($_COOKIE['SimpleSAMLAuthToken'])) {
+				SimpleSAML_Logger::warning('Missing AuthToken cookie.');
+				return NULL;
+			}
+			if ($_COOKIE['SimpleSAMLAuthToken'] !== $sessionData->authToken) {
+				SimpleSAML_Logger::warning('Invalid AuthToken cookie.');
+				return NULL;
+			}
+		}
+
 		return $sessionData;
 	}
 
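Review bot: The comparison on the `$_COOKIE['SimpleSAMLAuthToken'] !== $sessionData->authToken` line is an ordinary string compare; where the PHP baseline provides it, `hash_equals($sessionData->authToken, $_COOKIE['SimpleSAMLAuthToken'])` is the conventional form for checking a secret against a client-supplied value. The outer `if ($sessionData->authToken !== NULL)` means a stored session with no token is accepted without any cookie check, which is the intended path for unauthenticated sessions but also applies to any authenticated session persisted before this field existed; a comment stating that, such as `// No token stored: session was never authenticated (or predates the token), nothing to verify.`, would document the trade-off. Both warnings return NULL and leave the stale cookie and stored session in place, which is fine for rejecting the request but may be worth noting for anyone reading the log. The enclosing function starts before this hunk.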
-- 
GitLab