Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • cesnet_simplesamlphp-1.19.8
  • elixir_simplesamlphp-1.19.8
  • simplesamlphp-1.19.8
  • cesnet_simplesamlphp-1.19.5
  • simplesamlphp-2.0
  • feature/assets
  • feature/rac-source-selector
  • cleanup/remove-base64-attributes
  • simplesamlphp-1.19
  • elixir_simplesamlphp-1.19.5
  • aarc_idp_hinting
  • feature/validate-authstate-before-processing
  • feature/build-two-tarballs
  • dependabot/composer/twig/twig-3.4.3
  • tvdijen-patch-1
  • unchanged-acs-url-no-www-script
  • feature/translation-improvements
  • symfony6
  • move_tests
  • v1.19.9
  • v2.1.3
  • v2.0.10
  • v2.1.2
  • v2.0.9
  • v2.1.1
  • v2.0.8
  • v2.1.0
  • v2.0.7
  • v2.1.0-rc1
  • v2.0.6
  • v2.0.5
  • 2.0.4-alpha.1
  • v2.0.4-alpha.1
  • v2.0.4
  • v2.0.3
  • v2.0.2
  • v2.0.1-alpha.1
  • v2.0.1
  • v1.19.8
40 results
Search by author
  • Any Author
  • Bohumír Maštalíř Bohumír Maštalíř mastalir
  • David Flor David Flor 493294
  • Jakub Kriš Jakub Kriš 182608
  • Jan Pavlíček Jan Pavlíček 469355
  • Jiří Prokop Jiří Prokop 525248
  • Marek Hlávka Marek Hlávka 484956
  • Martin Kuba Martin Kuba 3988
  • Matej Jošťák Matej Jošťák mixxo
  • Mgr. Radim Křivánek Mgr. Radim Křivánek radimkrivanek
  • Michal Berky Michal Berky 514063
  • Pavel Vyskočil Pavel Vyskočil 445753
  • Pavel Zlámal Pavel Zlámal 256627
  • Perun-GitLab Service Account Perun-GitLab Service Account 9045464
  • Peter Bolha Peter Bolha 485456
  • Peter Lényi Peter Lényi 256333
  • Přemysl Kala Přemysl Kala 47343
  • Rastislav Kruták Rastislav Kruták 492918
  • Šárka Palkovičová Šárka Palkovičová 492687
18 authors
  1. Jun 09, 2017
  3. Apr 01, 2017
  5. Dec 05, 2016
  7. Jul 02, 2016
    • Jaime Pérez's avatar
      bugfix: Stop SimpleSAML_SessionHandler::newSessionId() from initializing the session. · 4056af12
      Jaime Pérez authored 
      Historically, SimpleSAML_SessionHandler::newSessionId() has also created the session, sending the cookies to the browser. This is problematic both because given the name of the method one would not assume such behaviour, and also because even for transient sessions the handler would then try to set cookies. When we are using a transient session, it is likely to be because we cannot set cookies or because there was a temporary error when loading the session. If we try to set the cookies even for transient sessions, we could either get an error because cookies cannot be set, or overwrite the previous session cookies with transient ones, trashing a legitimate session in case a temporary error occurs.

As a side effect, this can also cause behaviours like the one described in issue #413. There's no point in trying to set the cookies when it's not possible, so we shouldn't even try, and save us the errors.

To fix this, we made SimpleSAML_SessionHandler::setCookie() abstract, forcing each extending class to implement it. The former implementation is moved to SimpleSAML_SessionHandlerCookie, and the SimpleSAML_SessionHandlerPHP gets a new method that starts the session, effectively sending the cookie. SimpleSAML_Session would then be responsible to call the setCookie() method of the session handler when creating a regular session, and skip it when creating a transient one. This introduces a bug, since SimpleSAML_Session was trying to set the auth token cookie calling the same setCookie() method in the session handler. We fixed that by using SimpleSAML\Utils\HTTP::setCookie() instead, in 8756835b.

This resolves #413.
      4056af12
  9. Apr 07, 2016
    • Jaime Perez Crespo's avatar
      Add a method to SimpleSAMLphp_SessionHandlerPHP to restore a session existing... · 8dc545b8
      Jaime Perez Crespo authored 
      Add a method to SimpleSAMLphp_SessionHandlerPHP to restore a session existing previously to our own session. This can be used in SimpleSAML_Session to restore the PHP session status previous to calling our API, while also guaranteeing that our session is correctly saved. The documentation has been updated to reflect this and recommend how to deal with conflicting PHP sessions. This closes #244 and resolves #349.
      8dc545b8
  11. Oct 26, 2015
  13. Aug 05, 2015
  15. Aug 04, 2015
  17. Aug 03, 2015
  19. Apr 21, 2015
  21. Jul 09, 2014
  23. Sep 13, 2013
  25. Sep 05, 2013
  27. Sep 04, 2013
  29. Mar 29, 2012
  31. Jul 28, 2011
  33. Aug 09, 2010
  35. Jul 13, 2010
  37. Jul 07, 2010
  39. Dec 02, 2009
  41. Aug 17, 2009
  43. Jun 06, 2008
  45. Mar 06, 2008
  47. Mar 05, 2008
  49. Jan 30, 2008
  51. Dec 18, 2007
  53. Nov 28, 2007