Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • cesnet_simplesamlphp-1.19.8
  • elixir_simplesamlphp-1.19.8
  • simplesamlphp-1.19.8
  • cesnet_simplesamlphp-1.19.5
  • simplesamlphp-2.0
  • feature/assets
  • feature/rac-source-selector
  • cleanup/remove-base64-attributes
  • simplesamlphp-1.19
  • elixir_simplesamlphp-1.19.5
  • aarc_idp_hinting
  • feature/validate-authstate-before-processing
  • feature/build-two-tarballs
  • dependabot/composer/twig/twig-3.4.3
  • tvdijen-patch-1
  • unchanged-acs-url-no-www-script
  • feature/translation-improvements
  • symfony6
  • move_tests
  • v1.19.9
  • v2.1.3
  • v2.0.10
  • v2.1.2
  • v2.0.9
  • v2.1.1
  • v2.0.8
  • v2.1.0
  • v2.0.7
  • v2.1.0-rc1
  • v2.0.6
  • v2.0.5
  • 2.0.4-alpha.1
  • v2.0.4-alpha.1
  • v2.0.4
  • v2.0.3
  • v2.0.2
  • v2.0.1-alpha.1
  • v2.0.1
  • v1.19.8
40 results
Search by author
  • Any Author
  • Bohumír Maštalíř Bohumír Maštalíř mastalir
  • David Flor David Flor 493294
  • Jakub Kriš Jakub Kriš 182608
  • Jan Pavlíček Jan Pavlíček 469355
  • Jiří Prokop Jiří Prokop 525248
  • Marek Hlávka Marek Hlávka 484956
  • Martin Kuba Martin Kuba 3988
  • Matej Jošťák Matej Jošťák mixxo
  • Mgr. Radim Křivánek Mgr. Radim Křivánek radimkrivanek
  • Michal Berky Michal Berky 514063
  • Pavel Vyskočil Pavel Vyskočil 445753
  • Pavel Zlámal Pavel Zlámal 256627
  • Perun-GitLab Service Account Perun-GitLab Service Account 9045464
  • Peter Bolha Peter Bolha 485456
  • Peter Lényi Peter Lényi 256333
  • Přemysl Kala Přemysl Kala 47343
  • Rastislav Kruták Rastislav Kruták 492918
  • Šárka Palkovičová Šárka Palkovičová 492687
18 authors
  1. Jun 06, 2017
    • Jaime Pérez Crespo's avatar
      Fix a bug in the PHP session handler · ab344d88
      Jaime Pérez Crespo authored 
      When unserializing the session fails, the handler should return null instead of false. Additionally, SimpleSAML_Session::load() should make sure that it got an instance of SimpleSAML_Session, to avoid any misbehaving handlers to generate an issue.

This resolves #616.
      Unverified
      ab344d88
  3. Apr 01, 2017
  5. Sep 27, 2016
  7. Jul 04, 2016
  9. Jul 03, 2016
  11. Jul 02, 2016
    • Jaime Pérez's avatar
      bugfix: Stop SimpleSAML_SessionHandler::newSessionId() from initializing the session. · 4056af12
      Jaime Pérez authored 
      Historically, SimpleSAML_SessionHandler::newSessionId() has also created the session, sending the cookies to the browser. This is problematic both because given the name of the method one would not assume such behaviour, and also because even for transient sessions the handler would then try to set cookies. When we are using a transient session, it is likely to be because we cannot set cookies or because there was a temporary error when loading the session. If we try to set the cookies even for transient sessions, we could either get an error because cookies cannot be set, or overwrite the previous session cookies with transient ones, trashing a legitimate session in case a temporary error occurs.

As a side effect, this can also cause behaviours like the one described in issue #413. There's no point in trying to set the cookies when it's not possible, so we shouldn't even try, and save us the errors.

To fix this, we made SimpleSAML_SessionHandler::setCookie() abstract, forcing each extending class to implement it. The former implementation is moved to SimpleSAML_SessionHandlerCookie, and the SimpleSAML_SessionHandlerPHP gets a new method that starts the session, effectively sending the cookie. SimpleSAML_Session would then be responsible to call the setCookie() method of the session handler when creating a regular session, and skip it when creating a transient one. This introduces a bug, since SimpleSAML_Session was trying to set the auth token cookie calling the same setCookie() method in the session handler. We fixed that by using SimpleSAML\Utils\HTTP::setCookie() instead, in 8756835b.

This resolves #413.
      4056af12
    • Jaime Pérez's avatar
      Set the session name explicitly in SessionHandlerPHP, even when we are using the default value. · cd6278cc
      Jaime Pérez authored
      cd6278cc
    • Jaime Pérez's avatar
      Fix indentation. · 271be82c
      Jaime Pérez authored
      271be82c
  13. Jun 08, 2016
  15. Apr 12, 2016
  17. Apr 07, 2016
  19. Feb 15, 2016
  21. Oct 26, 2015
  23. Aug 04, 2015
  25. Jun 08, 2015
  27. May 27, 2015
  29. Apr 21, 2015
  31. Apr 16, 2015
  33. Jul 09, 2014
  35. Sep 13, 2013
  37. Sep 11, 2013
  39. Sep 05, 2013
  41. Jan 30, 2012
  43. Aug 10, 2011
  45. Aug 09, 2010
  47. Jul 13, 2010
  49. Jul 07, 2010
  51. Feb 24, 2010
  53. Feb 15, 2010
    • Olav Morken's avatar
      Disable cookie secure-flag by default. · c4ae073b
      Olav Morken authored 
      This patch removes the autodetection of the secure flag for the cookie
based on whether the user is accessing simpleSAMLphp through https. The
reason for this is that the user can often access an SP through both
https and http. If the user starts with http, everything will work, but
if the user starts with https, the user will get two separate cookies,
one for https and one for http.

This patch introduces a new configuration option in config.php:

    /*
     * Set the secure flag in the cookie.
     *
     * Set this to TRUE if the user only accesses your service
     * through https. If the user can access the service through
     * both http and https, this must be set to FALSE.
     */
    'session.cookie.secure' => FALSE,

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2180 44740490-163a-0410-bde0-09ae8108e29a
      c4ae073b
  55. Dec 02, 2009
  57. Sep 25, 2009
  59. Aug 14, 2009