Prevent session_start() from sending cookies if possible. If not, at least supress warnings.

lib/SimpleSAML/SessionHandlerPHP.php

@@ -84,6 +84,32 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler
     }
 
 
+    /**
+     * This method starts a session, making sure no warnings are generated due to headers being already sent.
+     */
+    private function sessionStart()
+    {
+        $cacheLimiter = session_cache_limiter();
+        if (headers_sent()) {
+            /*
+             * session_start() tries to send HTTP headers depending on the configuration, according to the
+             * documentation:
+             *
+             *      http://php.net/manual/en/function.session-start.php
+             *
+             * If headers have been already sent, it will then trigger an error since no more headers can be sent.
+             * Being unable to send headers does not mean we cannot recover the session by calling session_start(),
+             * so we still want to call it. In this case, though, we want to avoid session_start() to send any
+             * headers at all so that no error is generated, so we clear the cache limiter temporarily (no headers
+             * sent then) and restore it after successfully starting the session.
+             */
+            session_cache_limiter('');
+        }
+        @session_start();
+        session_cache_limiter($cacheLimiter);
+    }
+
+
     /**
      * Restore a previously-existing session.
      *
@@ -113,7 +139,7 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler
         );
         session_id($this->previous_session['id']);
         $this->previous_session = array();
-        session_start();
+        $this->sessionStart();
 
         /*
          * At this point, we have restored a previously-existing session, so we can't continue to use our session here.
@@ -154,7 +180,7 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler
         }
 
         session_id($sessionId);
-        session_start();
+        $this->sessionStart();
 
         return session_id();
     }
@@ -182,25 +208,7 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler
             throw new SimpleSAML_Error_Exception('Session start with secure cookie not allowed on http.');
         }
 
-        $cacheLimiter = session_cache_limiter();
-        if (headers_sent()) {
-            /*
-             * session_start() tries to send HTTP headers depending on the configuration, according to the
-             * documentation:
-             *
-             *      http://php.net/manual/en/function.session-start.php
-             *
-             * If headers have been already sent, it will then trigger an error since no more headers can be sent.
-             * Being unable to send headers does not mean we cannot recover the session by calling session_start(),
-             * so we still want to call it. In this case, though, we want to avoid session_start() to send any
-             * headers at all so that no error is generated, so we clear the cache limiter temporarily (no headers
-             * sent then) and restore it after successfully starting the session.
-             */
-            session_cache_limiter('');
-        }
-        session_start();
-        session_cache_limiter($cacheLimiter);
-
+       $this->sessionStart();
         return session_id();
     }
 
@@ -250,7 +258,7 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler
                 }
 
                 session_id($sessionId);
-                session_start();
+                $this->sessionStart();
             } elseif ($sessionId !== session_id()) {
                 throw new SimpleSAML_Error_Exception('Cannot load PHP session with a specific ID.');
             }