Opened 2 years ago
#1487975 new Feature Patches
Option to keep session before authentication hook
| Reported by: | cabeca | Owned by: | |
|---|---|---|---|
| Priority: | 10 - Lowest | Milestone: | later |
| Component: | Plugin API | Version: | git-master |
| Severity: | minor | Keywords: | |
| Cc: |
Description
Hi,
Bellow is a small patch needed for some authentication plug-ins that need multiple passes in the authentication hook, and requires the session not to be destroyed before the hook is called.
The modification is to purge the session in case of new login when a session already exists but keep it if told so. Some authenticate hooks may use redirections (ex. SSO systems) and multiple passes and may need to keep the session to complete authentication
The plugin can use this feature like so:
function authenticate($args) {
// retrieve configurations
$cfg = rcmail::get_instance()->config->all();
// initialize CAS client
$this->cas_init();
$_SESSION['keep_session'] = true;
// attempt to authenticate with CAS server
if (phpCAS::forceAuthentication()) {
// retrieve authenticated credentials
$args['user'] = phpCAS::getUser();
$args['valid'] = true;
unset($_SESSION['keep_session']);
}
return $args;
}
Best Regards
Miguel Cabeça
Attachments (1)
Note: See
TracTickets for help on using
tickets.
