SESSION variables not working after require SIMPLESAMLPHP

Question

I'm having a problem with my session variables.

I can't set any variable after my require once. But I need to store my data after the login.

Here is the code :

<?php include "include/header.php";

require_once('simplesamlphp/lib/_autoload.php');
$as = new \SimpleSAML\Auth\Simple('default-sp');

$as->requireAuth();

$attributes = $as->getAttributes();

$_SESSION["nivauth"] = "test";

?>

EDIT :

• session_start() is in the header.php
• i try to get the session var on another page with echo $_SESSION["nivauth"];

I have this error on the other page : Notice: Undefined index: nivauth in /var/www/html/cableEdit.php on line 10

And my session var nivauth is available only on my first page.

My session_start() is working, and all my others sessions variables are created on others pages can be viewed.

If I place $_SESSION["nivauth"] = "test"; just under the include everything works, but I can't get nivauth from the authentification.

The var is created but can't be accessed on other page...

Answer 1

Solved with codeigniter

function sentara_sso_sp_auth_webhook(){               
    require_once 'simplesamlphp/lib/_autoload.php';       
     // close session and restore default handler
     session_write_close();
     session_set_save_handler(new SessionHandler(), true);        
    // Authenticate against the 'default-sp' identity provider
    $auth = new SimpleSAML_Auth_Simple( 'default-sp' );           
    if (!$auth->isAuthenticated()) {
            // The user is not authenticated.           
            $auth->requireAuth();            
        }
    else {
        // We are authenticated, let's get the attributes
        $attributes = $auth->getAttributes();   
        $url = $auth->getLogoutURL();
        echo '<a href="' . htmlspecialchars( $url ) . '">Logout</a>';                       
        // use SimpleSAML\Session
        $session = \SimpleSAML\Session::getSessionFromRequest();
        $session->cleanup();
        session_write_close();
        // back to custom save handler
        session_set_save_handler(new SessionHandler(),true);
        session_start();
        $_SESSION[ 'attributes' ] = $attributes;
        // Do something based on attributes:
        // redirect, etc..
    }       
}

Answer 2

I was stuck on a similar issue with SimpleSamlPHP. After tried with various solutions, finally below workaround solved my issue.

In your header.php(or other pages), instead of session_start(); initiate SimpleSamlPHP class by adding below two lines you can restore your custom session variable along with simplesamlphp session.

require_once('simplesamlphp/lib/_autoload.php');
$as = new \SimpleSAML\Auth\Simple('default-sp');

Here is the snippet.

<?php
//header.php
//session_start();
require_once('simplesamlphp/lib/_autoload.php');
$as = new \SimpleSAML\Auth\Simple('default-sp');

echo $_SESSION["nivauth"]; 

Answer 3

cleanup() simply was not working So i did two changes in addition to $session->cleanup() to make it work

1- empty session.phpsession.cookiename in config/config.php

'session.phpsession.cookiename' => ''

2- Added session_start(); after cleanup()

$session = SimpleSAML_Session::getSessionFromRequest();
$session->cleanup();
//session_write_close();
session_start();

Answer 4

Refer to this part of the documentation

If we are using PHP sessions in SimpleSAMLphp and in the application we are protecting, SimpleSAMLphp will close any existing session when invoked for the first time, and its own session will prevail afterwards. If you want to restore your own session after calling SimpleSAMLphp, you can do so by cleaning up the session like this:

$session = SimpleSAML_Session::getSessionFromRequest();
$session->cleanup();

If you don't cleanup SimpleSAMLphp's session and try to use $_SESSION afterwards, you won't be using your own session and all your data is likely to get lost or inaccessible.