Open amdounio opened 1 year ago
@amdounio The problem was due on cookie PHPSESSID destroyed by some browser (Google Chrome/ Microsoft Edge) on cross domain requests.
To prevent this issue I've modified the session_start() call on plugin hook 'init' on this way with 3 options:
if ( session_status() == PHP_SESSION_NONE ) {
session_set_cookie_params(['samesite' => 'None']);
session_start(['cookie_secure' => true,'cookie_httponly' => true]);
}
And wp-spid-italia.php:
if ( isset( $_GET['spid_idp'] ) && $_GET['spid_idp'] != '' ) {
if ( $sp->isAuthenticated() ) {
unset($_SESSION['RequestID']);
unset($_SESSION['idpName']);
unset($_SESSION['idpEntityId']);
unset($_SESSION['acsUrl']);
unset($_SESSION['spidSession']['idp']);
unset($_SESSION['spidSession']);
unset($_SESSION['inResponseTo']);
unset($_SESSION['spid_redirect_to']);
unset($_SESSION['sloUrl']);
}
}
This code will fix the issue. I Hope this help you !
Regards Nunzio
Thanks you for this plugin , but i have the same problem , i login via spid in the second try
"SPID - Riprovare" in the first try ,
Originally posted by @amdounio in https://github.com/WPGov/wp-spid-italia/issues/34#issuecomment-1303213593