diff --git a/lib/SimpleSAML/Session.php b/lib/SimpleSAML/Session.php index feea0fbd30df5b20c323f3982e76fbced8782d9c..5be8582993024bcf07cea709ebb16c72817e4856 100644 --- a/lib/SimpleSAML/Session.php +++ b/lib/SimpleSAML/Session.php @@ -48,6 +48,13 @@ class Session implements \Serializable, Utils\ClearableState */ private static $instance = null; + /** + * The global configuration. + * + * @var \SimpleSAML\Configuration + */ + private static $config; + /** * The session ID of this session. * @@ -131,6 +138,7 @@ class Session implements \Serializable, Utils\ClearableState */ private $authData = array(); + /** * Private constructor that restricts instantiation to either getSessionFromRequest() for the current session or * getSession() for a specific one. @@ -139,6 +147,8 @@ class Session implements \Serializable, Utils\ClearableState */ private function __construct($transient = false) { + $this->setConfiguration(Configuration::getInstance()); + if (php_sapi_name() === 'cli' || defined('STDIN')) { $this->trackid = 'CL'.bin2hex(openssl_random_pseudo_bytes(4)); Logger::setTrackId($this->trackid); @@ -174,8 +184,7 @@ class Session implements \Serializable, Utils\ClearableState $this->markDirty(); // initialize data for session check function if defined - $globalConfig = Configuration::getInstance(); - $checkFunction = $globalConfig->getArray('session.check_function', null); + $checkFunction = self::$config->getArray('session.check_function', null); if (isset($checkFunction)) { assert(is_callable($checkFunction)); call_user_func($checkFunction, $this, true); @@ -183,6 +192,18 @@ class Session implements \Serializable, Utils\ClearableState } } + + /** + * Set the configuration we should use. + * + * @param Configuration $config + */ + public function setConfiguration(Configuration $config) + { + self::$config = $config; + } + + /** * Serialize this session object. * @@ -192,8 +213,7 @@ class Session implements \Serializable, Utils\ClearableState */ public function serialize() { - $serialized = serialize(get_object_vars($this)); - return $serialized; + return serialize(get_object_vars($this)); } /** @@ -212,6 +232,7 @@ class Session implements \Serializable, Utils\ClearableState $this->$k = $v; } } + self::$config = Configuration::getInstance(); // look for any raw attributes and load them in the 'Attributes' array foreach ($this->authData as $authority => $parameters) { @@ -542,8 +563,7 @@ class Session implements \Serializable, Utils\ClearableState assert(is_int($expire) || $expire === null); if ($expire === null) { - $globalConfig = Configuration::getInstance(); - $expire = time() + $globalConfig->getInteger('session.rememberme.lifetime', 14 * 86400); + $expire = time() + self::$config->getInteger('session.rememberme.lifetime', 14 * 86400); } $this->rememberMeExpire = $expire; @@ -581,12 +601,11 @@ class Session implements \Serializable, Utils\ClearableState $data['Authority'] = $authority; - $globalConfig = Configuration::getInstance(); if (!isset($data['AuthnInstant'])) { $data['AuthnInstant'] = time(); } - $maxSessionExpire = time() + $globalConfig->getInteger('session.duration', 8 * 60 * 60); + $maxSessionExpire = time() + self::$config->getInteger('session.duration', 8 * 60 * 60); if (!isset($data['Expire']) || $data['Expire'] > $maxSessionExpire) { // unset, or beyond our session lifetime. Clamp it to our maximum session lifetime $data['Expire'] = $maxSessionExpire; @@ -621,13 +640,13 @@ class Session implements \Serializable, Utils\ClearableState $sessionHandler = SessionHandler::getSessionHandler(); if (!$this->transient && (!empty($data['RememberMe']) || $this->rememberMeExpire) && - $globalConfig->getBoolean('session.rememberme.enable', false) + self::$config->getBoolean('session.rememberme.enable', false) ) { $this->setRememberMeExpire(); } else { try { Utils\HTTP::setCookie( - $globalConfig->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'), + self::$config->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'), $this->authToken, $sessionHandler->getCookieParams() ); @@ -755,9 +774,8 @@ class Session implements \Serializable, Utils\ClearableState $params = array_merge($sessionHandler->getCookieParams(), is_array($params) ? $params : array()); if ($this->authToken !== null) { - $globalConfig = Configuration::getInstance(); Utils\HTTP::setCookie( - $globalConfig->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'), + self::$config->getString('session.authtoken.cookiename', 'SimpleSAMLAuthToken'), $this->authToken, $params ); @@ -778,8 +796,7 @@ class Session implements \Serializable, Utils\ClearableState $this->markDirty(); if ($expire === null) { - $globalConfig = Configuration::getInstance(); - $expire = time() + $globalConfig->getInteger('session.duration', 8 * 60 * 60); + $expire = time() + self::$config->getInteger('session.duration', 8 * 60 * 60); } $this->authData[$authority]['Expire'] = $expire; @@ -859,9 +876,7 @@ class Session implements \Serializable, Utils\ClearableState if ($timeout === null) { // use the default timeout - $configuration = Configuration::getInstance(); - - $timeout = $configuration->getInteger('session.datastore.timeout', null); + $timeout = self::$config->getInteger('session.datastore.timeout', null); if ($timeout !== null) { if ($timeout <= 0) { throw new \Exception( @@ -1141,6 +1156,7 @@ class Session implements \Serializable, Utils\ClearableState */ public static function clearInternalState() { + self::$config = null; self::$instance = null; self::$sessions = null; }