openid: Implement session store independent of the PHP session.

Fixes issue 304. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2559 44740490-163a-0410-bde0-09ae8108e29a

openid: Implement session store independent of the PHP session.
Fixes issue 304. git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2559 44740490-163a-0410-bde0-09ae8108e29a
749dc95d · Olav Morken · e7fe6b2f · 749dc95d · 749dc95d
Commit 749dc95d authored 14 years ago by Olav Morken
--- a/modules/openid/lib/SessionStore.php
+++ b/modules/openid/lib/SessionStore.php
+<?php
+
+/**
+ * Class which implements the openid session store logic.
+ *
+ * This class has the interface specified in the constructor of the
+ * Auth_OpenID_Consumer class.
+ *
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+class sspmod_openid_SessionStore {
+
+	/**
+	 * Retrieve a key from the session store.
+	 *
+	 * @param string $key  The key we should retrieve.
+	 * @return mixed  The value stored with the given key, or NULL if the key isn't found.
+	 */
+	public function get($key) {
+		assert('is_string($key)');
+
+		$session = SimpleSAML_Session::getInstance();
+		return $session->getData('openid.session', $key);
+	}
+
+
+	/**
+	 * Save a value to the session store under the given key.
+	 *
+	 * @param string $key  The key we should save.
+	 * @param mixed NULL $value  The value we should save.
+	 */
+	public function set($key, $value) {
+		assert('is_string($key)');
+
+		$session = SimpleSAML_Session::getInstance();
+		$session->setData('openid.session', $key, $value);
+	}
+
+
+	/**
+	 * Delete a key from the session store.
+	 *
+	 * @param string $key  The key we should delete.
+	 */
+	public function del($key) {
+		assert('is_string($key)');
+
+		$session = SimpleSAML_Session::getInstance();
+		$session->deleteData('openid.session', $key);
+	}
+
+}
--- a/modules/openid/www/consumer.php
+++ b/modules/openid/www/consumer.php
@@ -13,20 +13,6 @@ require_once('Auth/OpenID/SReg.php');
 require_once('Auth/OpenID/Server.php');
 require_once('Auth/OpenID/ServerRequest.php');

-/*
- * The OpenID library uses the $_SESSION variable, so we may need to
- * initialize the session.
- *
- * We first initialize the SimpleSAML_Session object, to allow its configuration to
- * take precedence. If the SimpleSAML_Session object doesn't use the PHP session, we
- * will initialize the PHP session with default settings.
- */
-SimpleSAML_Session::getInstance();
-if(session_id() === '') {
-	/* PHP session not initialized - start session. */
-	session_start();
-}
-
 $config = SimpleSAML_Configuration::getInstance();

 /* Find the authentication state. */
@@ -57,7 +43,8 @@ function displayError($message) {
 function getConsumer() {
 	global $state;
 	$store = new sspmod_openid_StateStore($state);
-	return new Auth_OpenID_Consumer($store);
+	$session = new sspmod_openid_SessionStore();
+	return new Auth_OpenID_Consumer($store, $session);
 }

 function getReturnTo() {