Allow SHIB_SESSION_ID as Shibboleth session header#20
Closed
ck-ws wants to merge 1 commit intomitcho:masterfrom
ck-ws:pr-shibsessionactive
Closed
Allow SHIB_SESSION_ID as Shibboleth session header#20ck-ws wants to merge 1 commit intomitcho:masterfrom ck-ws:pr-shibsessionactive
ck-ws wants to merge 1 commit intomitcho:masterfrom
ck-ws:pr-shibsessionactive
Conversation
this is used by some server implementations, e.g. lighttpd
|
Wonder if it would be worthwhile (and safe) to just make the whole header ID case-insensitive. |
Contributor
Author
|
That's actually the way I implemented it in my own applications. HTTP Headers are case-insensitive, but the _SERVER variables aren't. But again the usual _SERVER variables like PHP_SELF, REDIRECT_URI, etc. are all uppercase by default. Wasn't sure if this would be accepted, so I chose the less intrusive way, which would also be fine for me, since the other attributes can be configured. |
Contributor
|
#13 uses getenv() which is case-insensitive and should fix this issue. Plus, all the other benefits it was written to solve. |
Contributor
Author
|
Haven't seen that. I would vote for #13, too! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
this is used by some server implementations, e.g. lighttpd.
In lighttpd all SERVER-Variable names are uppercased and dashes are replaced by underscores.
If this isn't modified as in the patch below, I get the known redirect of death ;)
This also affects the normal attributes, but there it's possible to transform them to uppercase myself in the config (uid -> UID, isMemberOf -> ISMEMBEROF).