From 749dc95d690651b3b68a786107fff387e5e317e7 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Wed, 22 Sep 2010 06:18:39 +0000
Subject: [PATCH] openid: Implement session store independent of the PHP
 session.

Fixes issue 304.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2559 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/openid/lib/SessionStore.php | 54 +++++++++++++++++++++++++++++
 modules/openid/www/consumer.php     | 17 ++-------
 2 files changed, 56 insertions(+), 15 deletions(-)
 create mode 100644 modules/openid/lib/SessionStore.php

diff --git a/modules/openid/lib/SessionStore.php b/modules/openid/lib/SessionStore.php
new file mode 100644
index 000000000..a084d0919
--- /dev/null
+++ b/modules/openid/lib/SessionStore.php
@@ -0,0 +1,54 @@
+<?php
+
+/**
+ * Class which implements the openid session store logic.
+ *
+ * This class has the interface specified in the constructor of the
+ * Auth_OpenID_Consumer class.
+ *
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+class sspmod_openid_SessionStore {
+
+	/**
+	 * Retrieve a key from the session store.
+	 *
+	 * @param string $key  The key we should retrieve.
+	 * @return mixed  The value stored with the given key, or NULL if the key isn't found.
+	 */
+	public function get($key) {
+		assert('is_string($key)');
+
+		$session = SimpleSAML_Session::getInstance();
+		return $session->getData('openid.session', $key);
+	}
+
+
+	/**
+	 * Save a value to the session store under the given key.
+	 *
+	 * @param string $key  The key we should save.
+	 * @param mixed NULL $value  The value we should save.
+	 */
+	public function set($key, $value) {
+		assert('is_string($key)');
+
+		$session = SimpleSAML_Session::getInstance();
+		$session->setData('openid.session', $key, $value);
+	}
+
+
+	/**
+	 * Delete a key from the session store.
+	 *
+	 * @param string $key  The key we should delete.
+	 */
+	public function del($key) {
+		assert('is_string($key)');
+
+		$session = SimpleSAML_Session::getInstance();
+		$session->deleteData('openid.session', $key);
+	}
+
+}
diff --git a/modules/openid/www/consumer.php b/modules/openid/www/consumer.php
index 764f1fbf5..c6b9392e2 100644
--- a/modules/openid/www/consumer.php
+++ b/modules/openid/www/consumer.php
@@ -13,20 +13,6 @@ require_once('Auth/OpenID/SReg.php');
 require_once('Auth/OpenID/Server.php');
 require_once('Auth/OpenID/ServerRequest.php');
 
-/*
- * The OpenID library uses the $_SESSION variable, so we may need to
- * initialize the session.
- *
- * We first initialize the SimpleSAML_Session object, to allow its configuration to
- * take precedence. If the SimpleSAML_Session object doesn't use the PHP session, we
- * will initialize the PHP session with default settings.
- */
-SimpleSAML_Session::getInstance();
-if(session_id() === '') {
-	/* PHP session not initialized - start session. */
-	session_start();
-}
-
 $config = SimpleSAML_Configuration::getInstance();
 
 /* Find the authentication state. */
@@ -57,7 +43,8 @@ function displayError($message) {
 function getConsumer() {
 	global $state;
 	$store = new sspmod_openid_StateStore($state);
-	return new Auth_OpenID_Consumer($store);
+	$session = new sspmod_openid_SessionStore();
+	return new Auth_OpenID_Consumer($store, $session);
 }
 
 function getReturnTo() {
-- 
GitLab