Open jtsternberg opened 9 years ago
$_SESSION
is really only used for debugging (there are better ways if doing this) and for the nonce
and state
parameters of the authorization request. If you use a different method (e.g. WP_Session
to persist the antiforgery ID (used for both nonce
and state
) between the authorization request and the authorization response), then you don't need PHP sessions.
Thanks @psignoret, that's good to hear. We'll be making this a priority to remove in the next few weeks, I'm guessing.
Would probably be worthwhile to understand why you're getting the error, though. I can't repro.
@psignoret I think it has more to do with the environment/wincache/etc than the actual plugin itself, but I see it as an opportunity for improvement in the plugin itself. SESSIONS are a mixed bag of issues, so avoiding them, if possible, is ideal IMO.
@jtsternberg Agreed, they were meant to be a stop-gap method anyway.
Ah yah, definitely understand @psignoret!
At first glance, I don't see that there's anything requiring sessions, and the php error log is filled with "PHP Fatal error: Maximum execution time of 300 seconds exceeded in D:\home\site\wwwroot\wp-content\plugins\aad-sso-wordpress\aad-sso-wordpress.php on line 110" on IIS. Based on call with Microsoft team, the plan is to remove that dependency.