Merge pull request SAML-Toolkits#412 from SwenVanZanten/master

Empty instead of unset the $_SESSION variable
willik · Dec 5, 2019 · cc4d849 · cc4d849
2 parents a4619e0 + 1d2c226
commit cc4d849
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 7 deletions.
diff --git a/lib/Saml2/Utils.php b/lib/Saml2/Utils.php
@@ -966,12 +966,11 @@ public static function isSessionStarted()
      */
     public static function deleteLocalSession()
     {
+        session_unset();
 
         if (OneLogin_Saml2_Utils::isSessionStarted()) {
             session_destroy();
         }
-
-        unset($_SESSION);
     }
 
     /**

diff --git a/tests/src/OneLogin/Saml2/UtilsTest.php b/tests/src/OneLogin/Saml2/UtilsTest.php
@@ -370,10 +370,10 @@ public function testGetselfhost()
     public function testisHTTPS()
     {
         $this->assertFalse(OneLogin_Saml2_Utils::isHTTPS());
-        
+
         $_SERVER['HTTPS'] = 'on';
         $this->assertTrue(OneLogin_Saml2_Utils::isHTTPS());
-    
+
         unset($_SERVER['HTTPS']);
         $this->assertFalse(OneLogin_Saml2_Utils::isHTTPS());
         $_SERVER['HTTP_HOST'] = 'example.com:443';
@@ -482,7 +482,7 @@ public function testSetBaseURL()
         $expectedUrlNQ2 = 'http://anothersp.example.com:81/example2/route.php';
         $expectedRoutedUrlNQ2 = 'http://anothersp.example.com:81/example2/route.php';
         $expectedUrl2 = 'http://anothersp.example.com:81/example2/route.php?x=test';
-        
+
         $this->assertEquals('http', OneLogin_Saml2_Utils::getSelfProtocol());
         $this->assertEquals('anothersp.example.com', OneLogin_Saml2_Utils::getSelfHost());
         $this->assertEquals('81', OneLogin_Saml2_Utils::getSelfPort());
@@ -957,7 +957,7 @@ public function testDeleteLocalSession()
             $this->assertTrue($_SESSION['samltest']);
 
             OneLogin_Saml2_Utils::deleteLocalSession();
-            $this->assertFalse(isset($_SESSION));
+            $this->assertEmpty($_SESSION);
             $this->assertFalse(isset($_SESSION['samltest']));
 
             $prev = error_reporting(0);
@@ -966,7 +966,7 @@ public function testDeleteLocalSession()
 
             $_SESSION['samltest'] = true;
             OneLogin_Saml2_Utils::deleteLocalSession();
-            $this->assertFalse(isset($_SESSION));
+            $this->assertEmpty($_SESSION);
             $this->assertFalse(isset($_SESSION['samltest']));
         }
     }