SessionHandlerPHP: Generate secure session id for new sessions.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@552 44740490-163a-0410-bde0-09ae8108e29a

SessionHandlerPHP: Generate secure session id for new sessions.
5358697d · Olav Morken · 6bbb208a · 5358697d
Commit 5358697d authored 16 years ago by Olav Morken
--- a/lib/SimpleSAML/SessionHandlerPHP.php
+++ b/lib/SimpleSAML/SessionHandlerPHP.php
 <?php

+require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Utilities.php');
+
 /**
 * This file is part of SimpleSAMLphp. See the file COPYING in the
 * root of the distribution for licence information.
@@ -38,6 +40,11 @@ class SimpleSAML_SessionHandlerPHP extends SimpleSAML_SessionHandler {
 			
 			$cookiename = $config->getValue('session.phpsession.cookiename', NULL);
 			if (!empty($cookiename)) session_name($cookiename);
+
+			if(!array_key_exists(session_name(), $_COOKIE)) {
+				/* Session cookie unset - session id not set. Generate new (secure) session id. */
+				session_id(SimpleSAML_Utilities::stringToHex(SimpleSAML_Utilities::generateRandomBytes(16)));
+			}
 			
 			session_start();
 		}