Question about AuthToken cookie warnings and PHP session_id() fatal errors


devm...@inspireemail.co.uk

Jul 31, 2020, 8:57:49 AM
to SimpleSAMLphp
Hello Simple SAMLers! (OK, that sounds bad LOL)

Hope you can help me out or provide some clues.

I am using SimpleSAMLPHP v1.17.6 in a production integration with a client
(they are the SAML2 IdP and we are the SAML2 SP).

Things are going well, but we get the very occasional warning of
"missing AuthToken cookie" in the SimpleSAML log.

Interestingly, and this is my main focus of investigation, when this warning occurs, it is always
immediately followed (or preceded? I don't know the exact sequence sorry) by
PHP fatal errors of
"PHP Fatal error:  Uncaught ErrorException: session_id(): Cannot change session id when headers already sent in /var/www/my-vhost/laravel/vendor/simplesamlphp/simplesamlphp/lib/SimpleSAML/SessionHandlerPHP.php:192".

This is showing up as a 500 error web page for the client's end users.

So I guess what I'm keen to know more about is:

[] Is the session_id() error causing the "missing AuthToken cookie" SAML warning? Or vice versa?

[] I've noticed that the code around /simplesamlphp/simplesamlphp/lib/SimpleSAML/SessionHandlerPHP.php:192
      doesn't check for any return values or exceptions from session_id(). Is this a bug or a concern for
      the SimpleSAMLPHP codebase?

Well, that's all I've got at the moment. I'm ultimately trying to figure out if this
is an issue with the IdP, the SP or SimpleSAMLPHP itself.

Please don't be shy, any and all insights are very much appreciated here.

Thank you.

Kind regards,
Daniel

Peter Dolinaj

Sep 29, 2020, 3:32:38 PM
to SimpleSAMLphp
Hi. Are you using the Simple Saml package for Laravel? If yes, which one do you use? Thanks

Dev Master

Nov 25, 2020, 8:40:32 AM
to SimpleSAMLphp
Hello Peter,

Sorry for the delay, the Composer package for this is simply:

simplesamlphp/simplesamlphp
