From e8dcbbb20feab87fd3cd7f779b1fbd830d44e7c2 Mon Sep 17 00:00:00 2001
From: Jaime Perez Crespo <jaime.perez@uninett.no>
Date: Tue, 20 Jan 2015 10:56:00 +0100
Subject: [PATCH] Manually remove idp-ssotime data from the session on the IdP,
 per association (instead of using SimpleSAML_Session::DATA_TIMEOUT_LOGOUT).

---
 lib/SimpleSAML/IdP.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/SimpleSAML/IdP.php b/lib/SimpleSAML/IdP.php
index a2bcbf1b6..e5566b832 100644
--- a/lib/SimpleSAML/IdP.php
+++ b/lib/SimpleSAML/IdP.php
@@ -261,7 +261,7 @@ class SimpleSAML_IdP {
 		if (isset($state['core:SP'])) {
 			$session = SimpleSAML_Session::getSessionFromRequest();
 			$session->setData('core:idp-ssotime', $state['core:IdP'] . ';' . $state['core:SP'],
-				time(), SimpleSAML_Session::DATA_TIMEOUT_LOGOUT);
+				time(), SimpleSAML_Session::DATA_TIMEOUT_SESSION_END);
 		}
 
 		call_user_func($state['Responder'], $state);
@@ -460,6 +460,8 @@ class SimpleSAML_IdP {
 
 		if ($assocId !== NULL) {
 			$this->terminateAssociation($assocId);
+			$session = SimpleSAML_Session::getSessionFromRequest();
+			$session->deleteData('core:idp-ssotime', $this->id . ':' . $state['saml:SPEntityId']);
 		}
 
 		/* Terminate the local session. */
@@ -489,6 +491,9 @@ class SimpleSAML_IdP {
 		assert('is_string($assocId)');
 		assert('is_string($relayState) || is_null($relayState)');
 
+		$session = SimpleSAML_Session::getSessionFromRequest();
+		$session->deleteData('core:idp-ssotime', $this->id . ';' . substr($assocId, strpos($assocId, ':') +1));
+
 		$handler = $this->getLogoutHandler();
 		$handler->onResponse($assocId, $relayState, $error);
 
-- 
GitLab