diff --git a/lib/SimpleSAML/Logger.php b/lib/SimpleSAML/Logger.php
index a483385f469544d43d9c5c301e34a09dccc47be3..f838db1dfd0724c5e33a2af35f4d83dd5c960047 100644
--- a/lib/SimpleSAML/Logger.php
+++ b/lib/SimpleSAML/Logger.php
@@ -267,7 +267,13 @@ class Logger
 */
 public static function flush()
 {
- $s = \SimpleSAML_Session::getSessionFromRequest();
+ try {
+ $s = \SimpleSAML_Session::getSessionFromRequest();
+ } catch (\Exception $e) {
+ // loading session failed. We don't care why, at this point we have a transient session, so we use that
+ self::error('Cannot load or create session: '.$e->getMessage());
+ $s = \SimpleSAML_Session::getSessionFromRequest();
+ }
 self::$trackid = $s->getTrackID();
 self::$shuttingDown = true;
diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php
index 6d325d900e62f2c842368ff80dd2d446ddc7e309..2ffd0e77dc605f7f1d1d616f42e818b82c6314ab 100644
--- a/lib/SimpleSAML/Session.php
+++ b/lib/SimpleSAML/Session.php
@@ -205,8 +205,8 @@ class SimpleSAML_Session
 * session here. Therefore, use just a transient session and throw the exception for someone else to handle
 * it.
 */
- SimpleSAML\Logger::error('Error loading session: '.$e->getMessage());
 self::useTransientSession($e);
+ SimpleSAML\Logger::error('Error loading session: '.$e->getMessage());
 }
 // if getSession() found it, use it
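Review bot: The retry inside the `catch` in `Logger::flush()` is unguarded: the second `\SimpleSAML_Session::getSessionFromRequest()` can only succeed if the failed first call left a transient session installed, and nothing in this function checks that. If it throws again, the exception escapes `flush()` before `$s->getTrackID()` is reached, and the messages this method is presumably about to write out, including the error just recorded, would be lost. I would state the invariant in the comment, for example `// getSessionFromRequest() installs a transient session before it throws, so this second call cannot fail the same way`, and confirm that calling `self::error()` before `self::$trackid` is set cannot re-enter `flush()`. The body of `flush()` continues outside the hunk.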
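Review bot: In the first Session.php hunk the `Logger::error()` call now follows `self::useTransientSession($e)`, while the comment directly above says the exception is thrown for someone else to handle. If `useTransientSession($e)` is what rethrows (its body is not in this diff), the moved log line is unreachable and the session-load failure is no longer recorded at this site, which removes the trace an operator would use to spot a failing session store. If the reorder exists so that the logger finds a transient session already in place, the code should say so: `// log only after the transient session is installed; the logger looks up the session for its track id`. The enclosing method starts and ends outside the hunk.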
@@ -229,8 +229,17 @@ class SimpleSAML_Session
 self::load(new SimpleSAML_Session());
 } catch (\SimpleSAML\Error\CannotSetCookie $e) {
 // can't create a regular session because we can't set cookies. Use transient.
- SimpleSAML\Logger::error('Error creating session: '.$e->getMessage());
+ $c = SimpleSAML_Configuration::getInstance();
 self::useTransientSession();
+
+ if ($e->getCode() === \SimpleSAML\Error\CannotSetCookie::SECURE_COOKIE) {
+ throw new \SimpleSAML\Error\CriticalConfigurationError(
+ $e->getMessage(),
+ null,
+ $c->toArray()
+ );
+ }
+ SimpleSAML\Logger::error('Error creating session: '.$e->getMessage());
 }
 // we must have a session now, either regular or transient
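Review bot: The `SECURE_COOKIE` branch passes `$c->toArray()`, the entire configuration, into `CriticalConfigurationError`, and that class is not shown in this diff. A full configuration array normally holds secrets (salts, admin or database credentials), so it should be confirmed that the exception never renders, logs or reports that array, and a comment should record why the whole array is needed. The branch also throws before the `Logger::error()` call, so a secure-cookie misconfiguration leaves no log entry at this site. I would log first and narrow the lookup: `SimpleSAML\Logger::error('Error creating session: '.$e->getMessage());` directly after `self::useTransientSession();`, and `$c = SimpleSAML_Configuration::getInstance();` inside the `if`. The enclosing method starts outside the hunk.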