Commit f6c12ee5 authored by Olav Morken's avatar Olav Morken

Changed SessionHandlerCookie to use Utilities::generateID for session id generation.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@548 44740490-163a-0410-bde0-09ae8108e29a
parent 69e427c5
...@@ -3,6 +3,9 @@ ...@@ -3,6 +3,9 @@
/* We need access to the configuration from config/config.php. */ /* We need access to the configuration from config/config.php. */
require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Configuration.php'); require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Configuration.php');
/* We need the generateID function from Utilities. */
require_once((isset($SIMPLESAML_INCPREFIX)?$SIMPLESAML_INCPREFIX:'') . 'SimpleSAML/Utilities.php');
/** /**
* This file is part of SimpleSAMLphp. See the file COPYING in the * This file is part of SimpleSAMLphp. See the file COPYING in the
* root of the distribution for licence information. * root of the distribution for licence information.
...@@ -46,7 +49,7 @@ extends SimpleSAML_SessionHandler { ...@@ -46,7 +49,7 @@ extends SimpleSAML_SessionHandler {
} }
/* We don't have a valid session. Create a new session id. */ /* We don't have a valid session. Create a new session id. */
$this->session_id = self::createSessionID(); $this->session_id = SimpleSAML_Utilities::generateID();
setcookie('SimpleSAMLSessionID', $this->session_id, 0, '/', setcookie('SimpleSAMLSessionID', $this->session_id, 0, '/',
NULL, self::secureCookie(), TRUE); NULL, self::secureCookie(), TRUE);
} }
...@@ -84,23 +87,6 @@ extends SimpleSAML_SessionHandler { ...@@ -84,23 +87,6 @@ extends SimpleSAML_SessionHandler {
} }
/* This static function creates a session id. A session id consists
* of 32 random hexadecimal characters.
*
* Returns:
* A random session id.
*/
private static function createSessionID() {
$id = '';
for($i = 0; $i < 32; $i++) {
/* TODO: Is rand(...) secure enough? */
$id .= dechex(rand(0, 15));
}
return $id;
}
/* This static function validates a session id. A session id is valid /* This static function validates a session id. A session id is valid
* if it only consists of characters which are allowed in a session id * if it only consists of characters which are allowed in a session id
* and it is the correct length. * and it is the correct length.
......
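Review bot: The new call `SimpleSAML_Utilities::generateID()` in the second hunk replaces a generator whose format was documented (32 random hexadecimal characters), while the validator kept as trailing context in the third hunk still accepts only ids with the allowed characters and the correct length; generateID() is not shown on this page, so confirm that its output passes that check, otherwise a fresh id would presumably be issued on every request. The removed `TODO: Is rand(...) secure enough?` is also dropped without being answered: the session id is the bearer secret carried in the `SimpleSAMLSessionID` cookie, so it is worth verifying in Utilities.php that generateID() draws from a cryptographically secure source rather than `rand()`. I would add a comment above the assignment, e.g. `/* generateID() must return an unpredictable id that passes the session id validation in this class. */`. The enclosing function starts and ends outside the hunk.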