From 3bc167f648c9a7e2c0bb533f03510acc3ce5de20 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Wed, 7 Jul 2010 08:22:37 +0000
Subject: [PATCH] Session: Add protection against session fixation attack.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2382 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Session.php | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index 410d764c3..ad4f27a6d 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -104,6 +104,16 @@ class SimpleSAML_Session {
 private $associations = array();
+ /**
+ * The authentication token.
+ *
+ * This token is used to prevent session fixation attacks.
+ *
+ * @var string|NULL
+ */
+ private $authToken;
+
+ /**
+ * private constructor restricts instantiaton to getInstance()
+ */
@@ -360,6 +370,10 @@ class SimpleSAML_Session {
 $this->authState = $authState;
 $this->sessionstarted = time();
+
+ $this->authToken = SimpleSAML_Utilities::generateID();
+ $sessionHandler = SimpleSAML_SessionHandler::getSessionHandler();
+ $sessionHandler->setCookie('SimpleSAMLAuthToken', $this->authToken);
 }
@@ -785,6 +799,17 @@ class SimpleSAML_Session {
 return NULL;
 }
+ if ($sessionData->authToken !== NULL) {
+ if (!isset($_COOKIE['SimpleSAMLAuthToken'])) {
+ SimpleSAML_Logger::warning('Missing AuthToken cookie.');
+ return NULL;
+ }
+ if ($_COOKIE['SimpleSAMLAuthToken'] !== $sessionData->authToken) {
+ SimpleSAML_Logger::warning('Invalid AuthToken cookie.');
+ return NULL;
+ }
+ }
+
 return $sessionData;
 }
--
GitLab
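Review bot: The token cookie written via `$sessionHandler->setCookie('SimpleSAMLAuthToken', $this->authToken)` in the second hunk only binds the login to the browser if that cookie carries at least the same transport protections (Secure, HttpOnly, path) as the session cookie, and nothing in this hunk shows which attributes the session handler applies; that lives outside the hunk, so it should be confirmed rather than assumed. The intent of the two new lines is also not obvious to a reader who has not seen the commit message, so a why-comment above them would help, e.g. `// Bind this login to the browser that performed it: a session id fixed before login no longer suffices without this cookie.` The method that sets `$this->authState` starts before the hunk.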
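Review bot: In the third hunk, `$_COOKIE['SimpleSAMLAuthToken'] !== $sessionData->authToken` compares a secret token with ordinary string comparison, which is not constant-time; where the target PHP version provides it, `hash_equals($sessionData->authToken, $_COOKIE['SimpleSAMLAuthToken'])` after an `is_string()` check on the cookie value is the better form (the `array()`/`NULL` style suggests an older baseline, so a small constant-time helper may be needed instead). The `!== NULL` guard also means a session authenticated before this change, which carries no stored token, keeps being accepted without the cookie until its next login, so the protection only covers logins made after deployment; that deserves a comment, e.g. `// Sessions authenticated before the token existed carry no token and are not checked here.` The enclosing function starts before the hunk.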