diff --git a/lib/SimpleSAML/SessionHandlerPHP.php b/lib/SimpleSAML/SessionHandlerPHP.php
index 1caf4eb073ca24ba6907df655aa517639c514b02..eb0c7d57fab00314c13090b2d07ee808dee6d432 100644
--- a/lib/SimpleSAML/SessionHandlerPHP.php
+++ b/lib/SimpleSAML/SessionHandlerPHP.php
@@ -84,6 +84,32 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler
 }
+ /**
+ * This method starts a session, making sure no warnings are generated due to headers being already sent.
+ */
+ private function sessionStart()
+ {
+ $cacheLimiter = session_cache_limiter();
+ if (headers_sent()) {
+ /*
+ * session_start() tries to send HTTP headers depending on the configuration, according to the
+ * documentation:
+ *
+ * http://php.net/manual/en/function.session-start.php
+ *
+ * If headers have been already sent, it will then trigger an error since no more headers can be sent.
+ * Being unable to send headers does not mean we cannot recover the session by calling session_start(),
+ * so we still want to call it. In this case, though, we want to avoid session_start() to send any
+ * headers at all so that no error is generated, so we clear the cache limiter temporarily (no headers
+ * sent then) and restore it after successfully starting the session.
+ */
+ session_cache_limiter('');
+ }
+ @session_start();
+ session_cache_limiter($cacheLimiter);
+ }
+
+
+ /**
 * Restore a previously-existing session.
 *
@@ -113,7 +139,7 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler
 );
 session_id($this->previous_session['id']);
 $this->previous_session = array();
- session_start();
+ $this->sessionStart();
 /*
 * At this point, we have restored a previously-existing session, so we can't continue to use our session here.
@@ -154,7 +180,7 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler
 }
 session_id($sessionId);
- session_start();
+ $this->sessionStart();
 return session_id();
 }
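Review bot: `@session_start();` in the new `sessionStart()` (first hunk) silences every diagnostic from session_start(), not only the headers-already-sent warning the docblock names, and the return value is discarded. On PHP versions where session_start() returns false on failure, a storage or save-handler problem would then go unnoticed, and callers such as the ones ending in `return session_id();` would presumably carry on with an empty or stale ID. Because this handler holds authentication state, I would check the result and fail closed, e.g. `if (@session_start() === false) { throw new SimpleSAML_Error_Exception('Could not start PHP session.'); }`, or at minimum record the failure in the project log. The call sites that used a bare `session_start()` before (hunks at -113, -154 and -250) now inherit the suppression as well, so the docblock should say that all warnings are suppressed and why.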
@@ -182,25 +208,7 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler
 throw new SimpleSAML_Error_Exception('Session start with secure cookie not allowed on http.');
 }
- $cacheLimiter = session_cache_limiter();
- if (headers_sent()) {
- /*
- * session_start() tries to send HTTP headers depending on the configuration, according to the
- * documentation:
- *
- * http://php.net/manual/en/function.session-start.php
- *
- * If headers have been already sent, it will then trigger an error since no more headers can be sent.
- * Being unable to send headers does not mean we cannot recover the session by calling session_start(),
- * so we still want to call it. In this case, though, we want to avoid session_start() to send any
- * headers at all so that no error is generated, so we clear the cache limiter temporarily (no headers
- * sent then) and restore it after successfully starting the session.
- */
- session_cache_limiter('');
- }
- session_start();
- session_cache_limiter($cacheLimiter);
-
+ $this->sessionStart();
 return session_id();
 }
@@ -250,7 +258,7 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler
 }
 session_id($sessionId);
- session_start();
+ $this->sessionStart();
 } elseif ($sessionId !== session_id()) {
 throw new SimpleSAML_Error_Exception('Cannot load PHP session with a specific ID.');
 }