source text does not need to go through internationalization as it is already handled by the text specified in the authsources file.

* Ensure getConfig* functions can only return Configuration

* Cleanup after #1189

* Deprecate Configuration::getConfigList

Fix typo

correct exampleauth namespace name

This allows us to default to the error log, while also not breaking SSP completely. If we cannot initialize the logging handler, then we resort to the web servers log and log a critical error.

This resolves #1194

bugfix: Do not flush logs after creating a session handler, we might not have a track ID and therefore the log will be trashed.

This (finally!) resolves #1176

Fix Psalm-issues batch #3

This is due to a recent change in master. We're no longer trying to fill the sessionID for transient sessions (doesn't even make any sense), so everywhere else where we were checking the session ID (e.g. to store the session) we need to check if it's transient instead, and give up in that case.

Also, `$instance` can actually be `null` internally.

The new `$initializing` property should signal that we are initializing the logging handler with a value of `true`, not the other way around. Also, it should only be set to `true` while we are actually initializing the logging handler.

The list of main contributors was very outdated.

Stats fix

If there is no "general" block defined in the expander, it just won't show.

It just doesn't make any sense. If we managed to get it from an existing cookie, it serves no purpose, as at this point we couldn't load the session anyway, and what we use to track users is the track ID, not the session ID. Additionally, since this is a transient session, we're not going to push the cookie to the browser (we might not even can do that), so it's really pointless to set the session ID.

This, additionally, was causing that the Session class would be unable to initialize and register a transient session if the issue that forced us to use a transient in the first place was an issue with the session handler (e.g. missing PHP extensions or dependencies, or connection failure to the backend, etc). Under such circumstances, the code removed here will not work either, since the session handler will continue to fail to initialize. This would cause the exception handler to jump in, completely losing control of the execution, and making it impossible to display the error to the user (since the transient session creation is never completed, it cannot be used later where it is needed in the SimpleSAML\Error\Error class).

This resolves #914.

This could happen when the handler is depending on a PHP extension, or connection to a database fails, or any other circumstance that may trigger an exception in the constructor of the session handler itself. We should be aware of this when using the session handler, therefore we update the phpdoc here to reflect that.

This resolves #1023, resolves #1093 and closes #1095.

This resolves #1176

Apparently, IE does not mark buttons as submit buttons when type is missing by default, making it impossible to submit a form.

This resolves #908.

This comment used to be true, but the behaviour was changed in 3c52b289 in order to purge old data more often.

This is something the developer of a module is supposed to deal with. If you are just using SSP, it doesn't make much sense to have your log files flooded by errors about missing translation files or directories, since you cannot do anything about it and the original english text will be used anyway.

If we reach this point, we're likely already logging the error somewhere else (i.e. the session handler in use), so there's no point on logging the exception's message again.