Skip to content
Snippets Groups Projects
Commit 52c6bf04 authored by Jaime Pérez's avatar Jaime Pérez
Browse files

bugfix: Make sure SimpleSAML_Session::getSessionFromRequest() always raises an... 

bugfix: Make sure SimpleSAML_Session::getSessionFromRequest() always raises an exception when a transient session is used due to a misconfiguration or a temporary failure fetching an existing session.

Transient sessions are just an exceptional event, and they shouldn't be treated as regular sessions. Therefore, if we are trying to get the current session and end up with a transient one, that's because an error occurred and we should raise an exception. Since exceptions due to secure cookies trying to be set via an insecure channel are likely to be misconfigurations, we treat them like that, raising a SimpleSAML\Error\CriticalConfigurationError.

Additionally, we capture exceptions in the SimpleSAML\Logger::flush() method, ensuring the error reported in #413 doesn't happen again.

This resolves #356.
parent 464cd147
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment