Commits · 668836b3970369bba29ed7c45c38cf302d582ec1 · Perun / Perun ProxyIdP / v1 / simplesamlphp

Aug 05, 2018
- Fix improper use of 'self' keyword · 4063ae09
  Tim van Dijen authored 6 years ago
  
  4063ae09
- Fix improper use of 'self' keyword · 97e05f0c
  Tim van Dijen authored 6 years ago
  
  97e05f0c
May 31, 2018
- Replace SimpleSAML_Error_* with namespaced version · a3513e46
  Tim van Dijen authored 6 years ago
  
  a3513e46
- Replace SimpleSAML_Session with namespaced version · 33de7bd3
  Tim van Dijen authored 6 years ago
  
  33de7bd3
- Replace SimpleSAML_Configuration with namespaced version · 8046bb23
  Tim van Dijen authored 6 years ago
  
  8046bb23
Apr 18, 2018
- Fix tests for PHP 7.2 · 66828779
  Jan Trejbal authored 7 years ago
  
  66828779
Feb 22, 2018
- session_cache_limiter() goes before session_start() · e3557c82
  Tim van Dijen authored 7 years ago
  
  Fixes issue https://github.com/simplesamlphp/simplesamlphp/issues/793
  e3557c82
Nov 29, 2017
- Remove leftovers from previously supported PHP-version · e8a89aaf
  Tim van Dijen authored 7 years ago
  
  e8a89aaf
Oct 19, 2017
- removing uses of assert() with string value · f1c7754f
  fentie authored 7 years ago
  
  f1c7754f
Jun 06, 2017

Fix a bug in the PHP session handler · ab344d88

Jaime Pérez Crespo authored 7 years ago

When unserializing the session fails, the handler should return null instead of false. Additionally, SimpleSAML_Session::load() should make sure that it got an instance of SimpleSAML_Session, to avoid any misbehaving handlers to generate an issue.

This resolves #616.

ab344d88

Apr 01, 2017
- SimpleSAML_SessionHandler* classes refactorized to PSR-4 · bd7bb208
  Sergio Gómez authored 8 years ago
  
  bd7bb208
Sep 27, 2016
- Log a warning when we notice a probable misconfiguration of PHP sessions. · 3fe4bb19
  Jaime Pérez authored 8 years ago
  
  This is related to #478.
  3fe4bb19
Jul 04, 2016

Make exception message when setting secure PHP session cookies through an... · 0b33b995

Jaime Pérez authored 8 years ago

Make exception message when setting secure PHP session cookies through an insecure channel coincident with the message in SimpleSAML\Utils\HTTP::setCookie().

0b33b995

Start using the error codes in SimpleSAML\Error\CannotSetCookie. · f50f0297

Jaime Pérez authored 8 years ago

Both SimpleSAML_SessionHandlerPHP::setCookie() and SimpleSAML\Utils\HTTP::setCookie() throw the SimpleSAML\Error\CannotSetCookie exception. Depending on why the error was generated, set the error code in the exception accordingly.

f50f0297

Jul 03, 2016

Revert "Set the session name explicitly in SessionHandlerPHP, even when we are... · 3ad8a9f2

Jaime Pérez authored 8 years ago

Revert "Set the session name explicitly in SessionHandlerPHP, even when we are using the default value."

This reverts commit cd6278cc.

3ad8a9f2

Jul 02, 2016

bugfix: Stop SimpleSAML_SessionHandler::newSessionId() from initializing the session. · 4056af12

Jaime Pérez authored 8 years ago

Historically, SimpleSAML_SessionHandler::newSessionId() has also created the session, sending the cookies to the browser. This is problematic both because given the name of the method one would not assume such behaviour, and also because even for transient sessions the handler would then try to set cookies. When we are using a transient session, it is likely to be because we cannot set cookies or because there was a temporary error when loading the session. If we try to set the cookies even for transient sessions, we could either get an error because cookies cannot be set, or overwrite the previous session cookies with transient ones, trashing a legitimate session in case a temporary error occurs.

As a side effect, this can also cause behaviours like the one described in issue #413. There's no point in trying to set the cookies when it's not possible, so we shouldn't even try, and save us the errors.

To fix this, we made SimpleSAML_SessionHandler::setCookie() abstract, forcing each extending class to implement it. The former implementation is moved to SimpleSAML_SessionHandlerCookie, and the SimpleSAML_SessionHandlerPHP gets a new method that starts the session, effectively sending the cookie. SimpleSAML_Session would then be responsible to call the setCookie() method of the session handler when creating a regular session, and skip it when creating a transient one. This introduces a bug, since SimpleSAML_Session was trying to set the auth token cookie calling the same setCookie() method in the session handler. We fixed that by using SimpleSAML\Utils\HTTP::setCookie() instead, in 8756835b.

This resolves #413.

4056af12

Set the session name explicitly in SessionHandlerPHP, even when we are using the default value. · cd6278cc
Jaime Pérez authored 8 years ago

cd6278cc
Fix indentation. · 271be82c
Jaime Pérez authored 8 years ago

271be82c

Jun 08, 2016
- Stop using the deprecated SimpleSAML_Configuration::getBaseURL() method. · 17e63ab1
  Jaime Perez Crespo authored 8 years ago
  
  17e63ab1
Apr 12, 2016
- Prevent session_start() from sending cookies if possible. If not, at least supress warnings. · 51d3517e
  Jaime Perez Crespo authored 9 years ago
  
  51d3517e
Apr 07, 2016

Fix build. PHP versions older than 5.4 don't have session_status(). · 15f3881c
Jaime Perez Crespo authored 9 years ago

15f3881c

Add a method to SimpleSAMLphp_SessionHandlerPHP to restore a session existing... · 8dc545b8

Jaime Perez Crespo authored 9 years ago

Add a method to SimpleSAMLphp_SessionHandlerPHP to restore a session existing previously to our own session. This can be used in SimpleSAML_Session to restore the PHP session status previous to calling our API, while also guaranteeing that our session is correctly saved. The documentation has been updated to reflect this and recommend how to deal with conflicting PHP sessions. This closes #244 and resolves #349.

8dc545b8

Bugfixes: the PHP session handler only fetches the cookie configuration... · 5fd4839e

Jaime Perez Crespo authored 9 years ago

Bugfixes: the PHP session handler only fetches the cookie configuration parameters if session_id() returns a non-empty ID. This won't happen if the application initialized a session previously, hijacking the session and causing all kinds of trouble. Instead, we need to detect if there's an active session, save its parameters and close it. After closing it, we can name a new session and set the cookie parameters.

5fd4839e

Bugfix: when using PHP sessions, if there's already a session, session_id()... · d5480a99

Jaime Perez Crespo authored 9 years ago

Bugfix: when using PHP sessions, if there's already a session, session_id() will return the identifier of that session, not our session. In that case, we need to make sure it is our session so that we don't hijack the one of the application.

d5480a99

Feb 15, 2016
- Avoid the PHP session handler to generate errors when we try to retrieve a... · 38cb6577
  Jaime Perez Crespo authored 9 years ago
  
  Avoid the PHP session handler to generate errors when we try to retrieve a session after the headers being sent to the browser.
  38cb6577
Oct 26, 2015
- Avoid session cookies being set twice, hopefully for good. · a0407d17
  Jaime Perez Crespo authored 9 years ago
  
  a0407d17
Aug 04, 2015
- Reformat SimpleSAML_SessionHandlerPHP and remove unused variable. · 3a3e24e9
  Jaime Perez Crespo authored 9 years ago
  
  3a3e24e9
- Fix phpdoc comments in SimpleSAML_SessionHandlerPHP. · 46f813e4
  Jaime Perez Crespo authored 9 years ago
  
  46f813e4
Jun 08, 2015
- Remove another piece of support code for PHP 5.1 and earlier. · 8b20f1d2
  Thijs Kinkhorst authored 9 years ago
  
  8b20f1d2
May 27, 2015
- Set PHP session cookie configuation to be true by default. · 47e9bdc4
  Thijs Kinkhorst authored 9 years ago
  
  It's obviously more secure and therefore better as a default.
  47e9bdc4
Apr 21, 2015
- Move SimpleSAML_Utilities::isHTTPS() to SimpleSAML\Utils\HTTP::isHTTPS() and deprecate the former. · db592d6c
  Jaime Perez Crespo authored 9 years ago
  
  db592d6c
Apr 16, 2015
- Schedule SimpleSAML_Utilities::stringToHex() for removal. Deprecate and stop using it. · 4f7e78f6
  Jaime Perez Crespo authored 9 years ago
  
  4f7e78f6
- Schedule SimpleSAML_Utilities::generateRandomBytes() for removal. Deprecate and stop using it. · 9118f43c
  Jaime Perez Crespo authored 9 years ago
  
  9118f43c
Jul 09, 2014
- Drop obsolete SVN $Id$ keywords. · 75da426f
  Thijs Kinkhorst authored 10 years ago
  
  75da426f
Sep 13, 2013
- Add SimpleSAML_SessionHandler::getSessionCookieName() (patch 1 from issue #571). · cddb7d91
  Andjelko Horvat authored 11 years ago
  
  git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3275 44740490-163a-0410-bde0-09ae8108e29a
  cddb7d91
Sep 11, 2013
- SimpleSAML_SessionHandlerPHP::newSessionId(): cleaner version for r3273. · acb4051c
  Andjelko Horvat authored 11 years ago
  
  git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3274 44740490-163a-0410-bde0-09ae8108e29a
  acb4051c
- SimpleSAML_SessionHandlerPHP::newSessionId(): fix for session start (introduced in r3271). · 8e312491
  Andjelko Horvat authored 11 years ago
  
  git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3273 44740490-163a-0410-bde0-09ae8108e29a
  8e312491
Sep 05, 2013
- Generate new session id for new sessions (issue #569). · 406b169b
  Andjelko Horvat authored 11 years ago
  
  git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3271 44740490-163a-0410-bde0-09ae8108e29a
  406b169b
Jan 30, 2012

Session: Don't attempt to fetch new sessions from session handlers. · 2607c613

Olav Morken authored 13 years ago

Thanks to Synacor, Inc. for providing this patch!

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@3025 44740490-163a-0410-bde0-09ae8108e29a

2607c613

Aug 10, 2011

HTTP POST redirect support (issue 418). · 6491e66c

Andjelko Horvat authored 13 years ago

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2888 44740490-163a-0410-bde0-09ae8108e29a

6491e66c