basicshib preserve drupal session
Authored by
Will McCreery
This patch simply lets Drupal handle the expiration of sessions.
basicshib-session-expiration-option.patch 2.65 KiB
diff --git a/src/AuthenticationHandler.php b/src/AuthenticationHandler.php
index 5f636da..a3f4add 100644
--- a/src/AuthenticationHandler.php
+++ b/src/AuthenticationHandler.php
@@ -56,6 +56,11 @@ class AuthenticationHandler implements AuthenticationHandlerInterface {
*/
private $path_validator;
+ /**
+ * @var \Drupal\Core\Config\ImmutableConfig
+ */
+ private $config;
+
/**
* AuthenticationHandler constructor.
*
@@ -96,6 +101,8 @@ class AuthenticationHandler implements AuthenticationHandlerInterface {
->get('handlers');
$this->path_validator = $path_validator;
+
+ $this->config = $config_factory->get('basicshib.settings');
}
/**
@@ -269,13 +276,17 @@ class AuthenticationHandler implements AuthenticationHandlerInterface {
return self::AUTHCHECK_IGNORE;
}
- // Authenticated user with expired shib session
$session_id = $this->attribute_mapper->getAttribute('session_id', true);
- if (!$session_id) {
- $this->terminateSession($account);
- return self::AUTHCHECK_SHIB_SESSION_EXPIRED;
+ // Authenticated user with expired shib session
+ // if applicable
+ if ($this->config->get('invalidate_drupal_session')) {
+ if (!$session_id) {
+ $this->terminateSession($account);
+ return self::AUTHCHECK_SHIB_SESSION_EXPIRED;
+ }
}
+
// Authenticated user whose tracked session id does not match the current
// session id.
if ($session_id !== $this->session_tracker->get()) {
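Review bot: The new guard `if ($this->config->get('invalidate_drupal_session'))` fails open: where the key has never been saved, `get()` returns NULL, so an upgraded site silently stops terminating the Drupal session when the Shibboleth session id is missing, which was the previous behaviour. No install default, schema entry or update hook for the key is visible in this patch, so either ship one or keep the old behaviour as the default, e.g. `if (($this->config->get('invalidate_drupal_session') ?? TRUE) && !$session_id) {`, with the matching `#default_value` in CoreSettingsForm. With the option off, an empty `$session_id` now reaches the `$session_id !== $this->session_tracker->get()` comparison below, whose body lies outside the hunk; confirm that branch handles an expired Shibboleth session as intended. The comment `// if applicable` would read better as `// Only enforced when invalidate_drupal_session is enabled.`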
diff --git a/src/Form/CoreSettingsForm.php b/src/Form/CoreSettingsForm.php
index 83fcd4e..40e933b 100644
--- a/src/Form/CoreSettingsForm.php
+++ b/src/Form/CoreSettingsForm.php
@@ -72,6 +72,12 @@ class CoreSettingsForm extends ConfigFormBase {
'#default_value' => $config->get('handlers')['logout'],
];
+ $form['invalidate_drupal_session'] = [
+ '#type' => 'checkbox',
+ '#title' => $this->t('Invalidate Drupal session when shibboleth session expires'),
+ '#default_value' => $config->get('invalidate_drupal_session')
+ ];
+
$form['attributes'] = [
'#type' => 'fieldset',
'#title' => $this->t('Attributes'),
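Review bot: The new checkbox has no `#description`, so nothing on the form tells an administrator that leaving it unchecked relaxes session handling. Add a line such as `'#description' => $this->t('If unchecked, Drupal alone decides when the session expires.'),`. The `#default_value` line also lacks the trailing comma the neighbouring elements use.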
@@ -188,6 +194,7 @@ class CoreSettingsForm extends ConfigFormBase {
$this->config('basicshib.settings')
->set('login_link_label', $form_state->getValue('login_link_label'))
->set('default_post_login_redirect_path', $form_state->getValue('default_post_login_redirect_path'))
+ ->set('invalidate_drupal_session', $form_state->getValue('invalidate_drupal_session'))
->set('handlers', [
'login' => $form_state->getValue('login_handler'),
'logout' => $form_state->getValue('logout_handler'),
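Review bot: The added `->set('invalidate_drupal_session', ...)` stores the checkbox's raw form value (presumably 0 or 1) rather than a boolean. Cast it on save, `->set('invalidate_drupal_session', (bool) $form_state->getValue('invalidate_drupal_session'))`, so the stored setting has a stable type for the check in AuthenticationHandler. If the module ships a config schema, the new key needs a boolean entry there too; none is visible in this patch. The `set()` chain continues outside the hunk.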